Computer infected with viruses! I need major help.


stormynight
10-11-2008, 01:19 AM
Hi there. I'm having a major problem with my computer (XP Home Pentium 4) freezing upon start-up for 5-7 minutes, and freezing while inserting a password to log into Windows. Last night was the worst I've seen it, it took roughly 15 minutes of freezing! On my sister's side of the computer, a few pop-ups are shown that indicates that my computer is infected with a virus. However, this does not happen when I log onto my side...which I am on now. I've done an F-Secure Scan on her side and I've tried to do a HiJackThis...but it will not open the application, I've tried several times. If I did a HiJackThis on my side, will it show files from her side as well or just on mine?

Here is exactly what is happening when I log onto her side...

A pop-up window titled "Windows Security Alert" comes up and says:

Name: Trojan-Spy.HTML.Bankfraud.dg
Risk Level: CRITICAL
Description: This trojan is an email designed as a phishing attack which steals confidential information from Regions Bank Customers. The email appears to be an important communication from the Bank.

There are three buttons under the description; they are:

"Keep Blocking" (This one is greyed out)
"Unblock" (This one is greyed out)
"Enable Protect" (This one is untouched)

Then there is another pop-up that says:

Windows Firewall has detected unauthorized activity, but unfortunately it cannot help you to remove viruses, keyloggers and other spyware threats that steal your personal information from your computer including your credit card data and access passwords to the online resources you use. Click here to pick recommended software to resolve this issue.

And the last pop-up located on the bottom bar has a round red X, It says: (Looks like Windows Firewall disabled!)

"Your computer is infected!"
Windows has detected spyware infection! It is recommended to use special anti-spyware tools to pervent (notice the spelling error) data loss. Windows will now download and install the most up-to-date anti-spyware for you. Click here to protect your computer from spyware!

Now, I think it seems fishy that this so called "Windows" pop-up is genuine because of the spelling error. Don't you think?

This happens only on my sister's side. But it affects my side too. I can barely log on, and it gets worse after my sister logs off: the whole computer just freezes and must be shut down.

Does anyone have any ideas how I can get rid of these viruses? F-Secure Scan fixed a few things (I think) but the pop-ups still remain and so does the freezing.

Here is a copy of the F-Secure Scan I did today:

Scanning Report
Friday, October 10, 2008 19:56:38 - 21:27:11

Computer name: MCKAY2
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 10 malware found
Backdoor.Win32.Sinowal.sq (virus)

* C:\DOCUMENTS AND SETTINGS\BREANNA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\86H4ERRP\INDEX[1] (Renamed & Submitted)

Backdoor.Win32.UltimateDefender (virus)

* System

Backdoor.Win32.UltimateDefender.a (virus)

* C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS
* C:\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS (Renamed & Submitted)

Stealth_process (hidden item)

* C:\WINDOWS\SYSTEM32\BRASTK.EXE (Submitted)

TrackingCookie.Webtrends (spyware)

* System

Trojan.Win32.Obfuscated (virus)

* System

Trojan.Win32.Obfuscated.gx (virus)

* C:\WINDOWS\SYSTEM32\QZGXWHWH.EXE
* C:\DOCUMENTS AND SETTINGS\BREANNA\LOCAL SETTINGS\TEMP\ADMMSG.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VMFEXKDI\PYXWFIXE.EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 50773
* System: 4337
* Not scanned: 900

Actions:

* Disinfected: 0
* Renamed: 3
* Deleted: 0
* None: 7
* Submitted: 4

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\FONTS\FONTNOODLE.ZIP
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\002D6A5624B0C74F04E317736693B506_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00301C3341C44C6CBFA6BAFF6E36B412_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\003DA61AD21F3BFD78FE9F1F7DA4DAD9_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0056D309A481E46682FEA47E497CDC10_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00874F2A8C4B32726028DF35B9F03E0F_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00DD4C5CFD563E93589BDE4E6CF5B438_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00E5EA89BCB98DFA25033EEA92DEBBED_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00FF49F4B9C729EDB557661FF28C3612_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\016FC196A79FAF93EDF53A86FB9FD259_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\01C2EC516F7AFC97BEDCEE6A3C9DFDCA_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0241895EA37000C36ABBC188F655603D_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02CD49E07A2A767CE28C3B54BBB33C57_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02F7D93AFFD03DBC77AC1F0FF132B831_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02FB872644EFD079AD2B00874634FCCA_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\032B98D3405177A4F1543C773F951058_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03496FB9094DD1CD4CF0A9FC3591EC67_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0356A6DD2B9CFFE6111337FDC214A74C_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04091CEEF650CE7E594B63D244769225_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0465C172615D6E980BB8D31710972FE5_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05233FE6535FC4BBD79A0881FB05602C_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05594578AAF37EA328072ECE71F5F143_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0584256A0E447D16189B73B28E38D332_02582511-A002-40B4-9D91-814FE760C38D
* C:\DOC

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-10-10
* F-Secure AVP: 7.0.171, 2008-10-10
* F-Secure Pegasus: 1.20.0, 2008-09-01
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


------------

Thank you for any help!!

mjc
10-11-2008, 01:49 AM
Yeah, it looks like this machine is heavily infested.

How many user accounts are on it? And is there an 'Admin' account set up...I know that it is XP Home and all accounts have Admin privileges, but is there an account that is for nothing but administration stuff?

Also, if any kind of online banking/commerce is done on this machine...stop and call the banks, etc and let them know that you are infected and that this is basically the same thing as lost/stolen credit card...

A HJT probably won't show things that aren't in your account, but it still won't hurt to give us one from 'your side'...

Disinfection is going to have to take place in the admin account or the infected account/accounts...

stormynight
10-11-2008, 04:24 PM
Thanks for the reply mjc.

Well, my computer is worse as of now. When I logged on (my side) a pop-up from "True Vector Service" said "Has encountered a problem and needs to shut down". Then my internet disconnects. I am on my office computer and found out that True Vector is from Zone Alarm. It is being blocked. Do you think I should uninstall Zone Alarm? I would only have the Windows firewall then, but I don't know what else to think.

I wasn't able to get a HJT log on that computer this morning. I was barely able to log into my sister's side, but when I did, all the pop-ups keep remaining.

I did what you suggested and now all of our banks have been blocked until we get this resolved.

Please advise me what to do to get back online.

Thanks again I appreciate your help.

classicsoftware
10-11-2008, 05:29 PM
You will need a flash drive or a CD-ROM. Copy the programs below onto a flash drive or CD-ROM. Attempt to copy the files to your hard drive. Failing that, run the two programs below from the flash drive. You may have to do this in safe mode.

First:
How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Second:

Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Third:


Re-boot the system
Post the Combofix Log
Post the MBAM log
Post a new HJT log
Tell us how the system is running.

mjc
10-11-2008, 07:51 PM
Zone Alarm did exactly what it was supposed to do...so that is a 'good thing'. Zone Alarm, by design shuts down internet connectivity when it is being attacked or encounters a problem that causes it to crash. Dealing with the fact that ZA has shut you off is the last thing to work on...just go with what Classicsoftware has given you, for now.

stormynight
10-11-2008, 09:36 PM
mbam-log Part 1:

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 3

10/11/2008 5:44:32 PM
mbam-log-2008-10-11 (17-44-32).txt

Scan type: Quick Scan
Objects scanned: 66044
Time elapsed: 47 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 69

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

stormynight
10-11-2008, 09:37 PM
mbam-log Part 2:

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\fontnoodle.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Breanna\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
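The two MBAM log parts above are easier to reason about once they are parsed rather than read line by line: which section each detection came from, which families dominate, which objects are only marked "Delete on reboot" (so they are still on disk until the restart the instructions ask for), and whether the counts MBAM declares at the top match the lines actually present (they won't if you feed it only one half of a split log). The script below is an added example, not code from the thread, from Malwarebytes or from any of the helpers; the sample log it embeds is constructed in the same layout as the posted log, and the regular expressions encode my own assumptions about that layout.

```python
"""Parse an MBAM 1.x log (the format posted in the thread) into structured findings.

Added example: not code from the thread, from Malwarebytes, or from any helper
here. SAMPLE_LOG is constructed in the same layout as the posted log; the
regexes encode my own assumptions about that layout.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Section headers look like "Files Infected:"; the summary block near the top
# repeats the same names with a count, e.g. "Files Infected: 69".
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
DECLARED_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# Detection line: "<object> (<family>) -> <action>."  For registry data items
# MBAM inserts "Bad: (1) Good: (0) -> " before the action, so the last "->"
# segment is taken as the action.
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Finding:
    section: str
    obj: str
    family: str
    action: str


def parse_mbam_log(text: str) -> list:
    """Return one Finding per detection line, tagged with its section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = FINDING_RE.match(line)
        if m:
            action = m.group("action").split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, m.group("obj"), m.group("family"), action))
    return findings


def declared_counts(text: str) -> dict:
    """Counts MBAM prints in its summary block, e.g. {'Files Infected': 69}."""
    out = {}
    for raw in text.splitlines():
        m = DECLARED_RE.match(raw.strip())
        if m:
            out[m.group("name")] = int(m.group("n"))
    return out


def count_mismatches(text: str) -> dict:
    """Sections whose declared count differs from the detection lines present.

    A non-empty result usually means the log is truncated or split across
    posts, so parsing one part alone would silently miss findings."""
    parsed = Counter(f.section for f in parse_mbam_log(text))
    return {s: (n, parsed.get(s, 0)) for s, n in declared_counts(text).items()
            if parsed.get(s, 0) != n}


def pending_on_reboot(findings) -> list:
    """Objects MBAM could not remove live; they are gone only after a restart."""
    return [f.obj for f in findings if f.action.lower().startswith("delete on reboot")]


def family_counts(findings) -> Counter:
    return Counter(f.family for f in findings)


# Constructed sample in the posted format (a handful of the thread's lines).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.27
Database version: 1127

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Breanna\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(family_counts(found))
    print("still pending a reboot:", pending_on_reboot(found))
    print("count mismatches:", count_mismatches(SAMPLE_LOG))
```

Run it against the two posted parts concatenated into one file; run against either part alone, `count_mismatches` reports the sections whose declared totals are not met, which is the quickest way to notice a log that was cut in half.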

stormynight
10-11-2008, 09:39 PM
ComboFix Log Part 1:

ComboFix 08-10-11.01 - Breanna 2008-10-11 17:55:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.233 [GMT -6:00]
Running from: C:\Documents and Settings\Breanna\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\brastk.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-11 16:53 . 2008-10-11 16:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 16:53 . 2008-10-11 16:53 <DIR> d-------- C:\Documents and Settings\Breanna\Application Data\Malwarebytes
2008-10-11 16:53 . 2008-10-11 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 16:53 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 16:53 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 21:27 . 2004-08-04 06:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-10-10 21:27 . 2004-08-04 06:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-10-10 17:57 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-10 17:54 . 2008-10-10 17:54 <DIR> d-------- C:\Program Files\Panda Security
2008-10-10 17:22 . 2008-10-10 17:25 <DIR> d-------- C:\HJT
2008-10-10 16:57 . 2008-10-10 16:57 717 --a------ C:\WINDOWS\system32\wini104552502.exe
2008-10-10 16:49 . 2008-10-10 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vmfexkdi
2008-10-08 13:31 . 2008-10-08 13:31 <DIR> d-------- C:\Documents and Settings\Breanna\Application Data\GreenPrint
2008-09-24 02:52 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-09-24 02:51 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 09:17 152,307,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-09 11:50 2,001,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 08:51 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-09-23 02:17 --------- d-----w C:\Documents and Settings\Breanna\Application Data\LimeWire
2008-09-03 00:29 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-08-22 02:41 72,592 ----a-w C:\WINDOWS\zllsputility.exe
2008-08-13 05:24 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2008-01-16 10:23 110 ----a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2006-06-23 08:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-06-20 03:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061920080620\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-28 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"GPPrinterNotify"="C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe" [2008-06-25 595872]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
GPLog.lnk - C:\Program Files\GreenPrint Technologies\GreenPrint World\LOGWnd.exe [2008-07-24 21904]
GreenPrint Printer Notify.lnk - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe [2008-07-24 595872]
GreenPrint TrayIcon.lnk - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPTray.exe [2008-07-24 272272]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 282624]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 65588]
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-06-28 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JJPG"= jl_jjpg.drv

stormynight
10-11-2008, 09:40 PM
ComboFix Log Part 2:

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
S3 JL2001;Telemax WebCam WC-50;C:\WINDOWS\system32\Drivers\videocap.sys [2002-01-10 173768]
.
Contents of the 'Scheduled Tasks' folder

2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-08 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2008-04-13 18:12]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Breanna\Application Data\Mozilla\Firefox\Profiles\38xdyv5s.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.awesomestart.com/eternalsunshine/
.

************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 18:03:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
.
************************************************************************
.
Completion time: 2008-10-11 18:10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 00:10:51

Pre-Run: 35,382,923,264 bytes free
Post-Run: 36,368,584,704 bytes free

144 --- E O F --- 2008-09-10 12:03:47
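
The ComboFix registry dump in the post above is the most telling part of the log: the Security Center has been told not to warn about the antivirus or updates, its monitoring of every installed product has been switched off, and the Windows Firewall standard profile has EnableFirewall=0. That is the pattern a rogue "antispyware" installer leaves so that the only warnings the user sees are its own fake ones. The script below is an added example for this thread, not ComboFix's code or anything the helper posted: it parses ComboFix's [key] / "value"=data layout and flags those settings, plus the firewall exception and open-port lists for manual review. The sample dump is constructed from the lines in the log, and the finding rules are the example's own.

```python
"""Audit a ComboFix-style registry dump for Security Center and Windows
Firewall tampering.

Added example for this thread; not ComboFix's code. The parser, the
finding rules and SAMPLE_DUMP are all constructed for illustration.
"""
import re

# Constructed sample: the relevant lines as ComboFix prints them
# (hive path in brackets, then one "name"=data line per value).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_dump(text):
    """Return {key_path: {value_name: raw_data}} for every [key] block."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def data_is_true(data):
    """Decode the two renderings ComboFix uses: 'dword:00000001' and '0 (0x0)'.
    Returns None when the data is empty or not numeric."""
    m = re.match(r'dword:([0-9a-fA-F]+)$', data)
    if m:
        return int(m.group(1), 16) != 0
    m = re.match(r'(\d+)', data)
    if m:
        return int(m.group(1)) != 0
    return None


def audit(keys):
    """Return (severity, message) findings. HIGH = a protection was switched
    off, which is what rogue-AV droppers do so the user only sees their own
    fake alerts; INFO = firewall holes the user should review by hand."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if 'security center' in k:
            for name, data in values.items():
                n = name.lower()
                if n.endswith('disablenotify') and data_is_true(data):
                    findings.append(('HIGH', f'Security Center alert suppressed: {name}'))
                elif n == 'disablemonitoring' and data_is_true(data):
                    product = key.rsplit('\\', 1)[-1]
                    if product.lower() == 'monitoring':
                        product = '(all products)'
                    findings.append(('HIGH', f'Security Center monitoring disabled: {product}'))
        elif 'firewallpolicy' in k and k.endswith('standardprofile'):
            data = values.get('EnableFirewall')
            if data is not None and data_is_true(data) is False:
                findings.append(('HIGH', 'Windows Firewall off: EnableFirewall=0 (standard profile)'))
        elif k.endswith('authorizedapplications\\list'):
            for name in values:
                findings.append(('INFO', f'Firewall exception to review: {name}'))
        elif k.endswith('globallyopenports\\list'):
            for name, data in values.items():
                findings.append(('INFO', f'Globally open port: {name} ({data})'))
    return findings


if __name__ == '__main__':
    for severity, message in audit(parse_dump(SAMPLE_DUMP)):
        print(f'[{severity}] {message}')
```

Run against the constructed dump it reports seven HIGH findings (two suppressed alerts, four disabled monitoring entries, the firewall off) and four INFO lines. The INFO items are deliberately not judged by the script: LimeWire and MostFun in the exception list are not malware indicators by themselves, but after an infection every firewall exception deserves a second look.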

stormynight
10-11-2008, 09:41 PM
HijackThis Log Part 1:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:18 PM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dwwin.exe
C:\HJT\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?page=reg_success&lang=9&version=5202385&setup_id=7&aff_id=54858&addon=IncrediMail
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

stormynight
10-11-2008, 09:42 PM
HijackThis Log Part 2:

O4 - Global Startup: GPLog.lnk = ?
O4 - Global Startup: GreenPrint Printer Notify.lnk = ?
O4 - Global Startup: GreenPrint TrayIcon.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} (EzAutoLogin Control) - http://203.233.205.66:8080/help/EzAutoLoginProj1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7830 bytes

stormynight
10-11-2008, 09:46 PM
Thanks very much for the instructions.

Update: On my sister's side, the True Vector Service sign still pops up due to Zone Alarm being shut off. The red circle with the X seems to have disappeared!

On my side, It looks just fine now. I just need Zone Alarm activated.

The computer is not stalling or freezing anymore!

classicsoftware
10-12-2008, 11:23 AM
Uninstall and then re-install Zone Alarm.
Post a new log and let us know how the system is running....

stormynight
10-12-2008, 04:22 PM
HiJackThis log Part 1:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:11 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-21-796845957-1580436667-854245398-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Breanna')
O4 - HKUS\S-1-5-21-796845957-1580436667-854245398-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Breanna')
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

stormynight
10-12-2008, 04:23 PM
HiJackThis log Part 2:

O4 - Global Startup: GPLog.lnk = ?
O4 - Global Startup: GreenPrint Printer Notify.lnk = ?
O4 - Global Startup: GreenPrint TrayIcon.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} (EzAutoLogin Control) - http://203.233.205.66:8080/help/EzAutoLoginProj1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8635 bytes

stormynight
10-12-2008, 04:29 PM
I did everything you said and everything is fine. Except that when I switch users, it takes about 2 minutes (blue screen) for the login page to show up. It also takes about 2 minutes before I can click on the user names to enter a password and once the password is entered, it takes about the same amount of time (black screen) before Windows logs into the account. I thought this was fixed but apparently it's not. What would be causing that?

Also, is it safe to unblock the bank accounts now?

Thanks so much.

stormynight
10-12-2008, 10:31 PM
Zone Alarm just finished a deep scan which took 4 hours and found these two viruses...

backdoor.win.32.ultimatedefender.a

trojan.win32.obfuscated.gx

They are in quarantine.

classicsoftware
10-12-2008, 11:32 PM
Run the MBAM again and see if it finds anything....

stormynight
10-13-2008, 01:18 AM
mbam-log

Malwarebytes' Anti-Malware 1.28
Database version: 1262
Windows 5.1.2600 Service Pack 3

10/12/2008 10:13:42 PM
mbam-log-2008-10-12 (22-13-42).txt

Scan type: Quick Scan
Objects scanned: 58943
Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

stormynight
10-13-2008, 01:23 AM
I think the reason why the mbam scan didn't pick these two viruses up the first time is because when the software did an update, my computer was not connected to the internet because Zone Alarm was down. Should I delete the Zone Alarm Quarantine files?

classicsoftware
10-13-2008, 11:31 PM
Keep running MBAM and let me know when it comes up clean. If one file keeps popping up it means we have suppressed the infection but not killed it.

stormynight
10-14-2008, 01:50 AM
mbam-log:

Malwarebytes' Anti-Malware 1.28
Database version: 1267
Windows 5.1.2600 Service Pack 3

10/13/2008 10:45:17 PM
mbam-log-2008-10-13 (22-45-17).txt

Scan type: Quick Scan
Objects scanned: 35251
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

stormynight
10-14-2008, 01:53 AM
The scan is clean. Can we unblock the bank accounts Tuesday (tomorrow)?

The computer is still stalling as explained in one of my above posts. Do you have an idea of why this is not clearing up?

classicsoftware
10-14-2008, 02:27 AM
Try a Bitdefender (http://www.bitdefender.com/) on line scan. Use Internet Explorer and the link is in the lower left corner. Post your results....

stormynight
10-14-2008, 08:25 PM
The BitDefender Scan came up clean, but while the scan was in operation, ZoneAlarm popped up and showed that it detected these viruses and quarantined them.

- Backdoor.Win32.UltimateDefender.a
path found:
C:\System Volume Information\_restore{84633D61-E2B5-46B6-A267-1756907E7FC9}\RP823\A0188384.sys

- Trojan.Win32.Obfuscated.gx
path found:
C:\System Volume Information\_restore{84633D61-E2B5-46B6-A267-1756907E7FC9}\RP823\A0188409.exe

- Backdoor.Win32.UltimateDefender.a
path found:
C:\System Volume Information\_restore{84633D61-E2B5-46B6-A267-1756907E7FC9}\RP823\A0188410.sys

- Backdoor.Win32.UltimateDefender.a
path found:
C:\System Volume Information\_restore{84633D61-E2B5-46B6-A267-1756907E7FC9}\RP823\A0188411.sys

- Trojan.Win32.Obfuscated.gx
path found:
C:\System Volume Information\_restore{84633D61-E2B5-46B6-A267-1756907E7FC9}\RP823\A0188412.exe

I did a manual ZoneAlarm scan after this and it came up clean.

classicsoftware
10-15-2008, 10:12 AM
You need to read this KB article (http://support.microsoft.com/kb/310405) on how to turn off and then on System Restore in Windows XP.

Please turn off System Restore; that will remove all restore points. Then turn it back on and make a restore point called "almost clean".

Repeat the Bitdefender scan.

This goes to show the fallacy of using a suite of products. Zone Alarm is a good firewall but it is not a great AV. It can show you have infected files in System Restore....

stormynight
10-15-2008, 07:13 PM
Here is the Bitdefender scan:

BitDefender Online Scanner
Scan report generated at: Wed, Oct 15, 2008 - 15:40:28

Scan path: A:\;C:\;D:\;

Statistics
Time: 02:39:59
Files: 682424
Folders: 10166
Boot Sectors: 0
Archives: 6575
Packed Files: 63138

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 1870578
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 16
Archive plugins: 43
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File: C:\Qoobox\Quarantine\C\WINDOWS\brastk.exe.vir
Status: Infected with Trojan.Spy.Wsnpoem.KD
Scanned File: C:\Qoobox\Quarantine\C\WINDOWS\brastk.exe.vir
Status: Deleted

stormynight
10-17-2008, 02:08 AM
Anyone around?

classicsoftware
10-17-2008, 10:16 AM
Sorry: I have been out of town for a few days with limited Internet access:

Now that you are clean, you need to keep it that way. Please follow the rules below. Pay careful attention to number 4. Since the release of Service Pack 2 for Windows XP, Microsoft has greatly improved the security of Windows. The majority of attacks now occur in other software. Adobe Acrobat Reader is the most attacked program right now. You need to keep your software up to date and the Secunia PSI is the best way to go.

How to Protect Yourself While On-Line


1. Make sure you have an up to date Antivirus. Scan regularly. There are many free versions:

   AVAST (http://www.avast.com/eng/download-avast-home.html)
   AVG (http://free.grisoft.com/freeweb.php/doc/2/)
   Antivir (http://www.free-av.com/antivirus/allinonen.html)

2. Make sure you have a software firewall and, if you are on broadband, get behind a NAT router. There are also free versions:

   Kerio (http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/)
   Sygate (http://www.filehippo.com/download_sygate_personal_firewall/)
   Zone Alarm (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp%3bjsessionid=BzJnZDxzyCUCcyZMB2t0Qco5IgutuYlrOMI5snmy1ZptQ2vOr1l1!776180791!-1062696904!7551!7552!-2099742426!-1062696903!7551!7552)

3. Keep Windows up to date. Visit Windows Update (http://windowsupdate.microsoft.com) and Office Update (http://office.microsoft.com/en-us/downloads/default.aspx) regularly.
4. Keep all of your software up to date. You can check on your software with the Secunia Software Inspector (http://secunia.com/software_inspector/). Sign up for e-mail notification and they will tell you when to check your system again.
5. Use Firefox (http://www.mozilla.org/products/) with the NoScript (http://noscript.net/) extension as your web browser.
6. Download, install and keep an updated version of SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html).
7. Do NOT click on links in any I.M. program.
8. Use Thunderbird (http://www.mozilla.com/en-US/thunderbird/) in place of Outlook or Outlook Express.
9. Use Foxit Reader (http://www.download.com/Foxit-PDF-Reader/3000-2079_4-10313206.html) with the PDF Download (https://addons.mozilla.org/en-US/firefox/addon/636) extension instead of Adobe Acrobat Reader.
10. DO NOT open attachments from ANYONE. Download them, and scan them with your AV before opening, and only if you expect to receive them.
11. If you use IE, download a copy of IE-Spyad (http://www.spywarewarrior.com/uiuc/resource.htm).

stormynight
10-17-2008, 08:16 PM
Thanks for the reply. I did another Bitdefender scan just to be sure and it turned out clean, however yesterday I had a Windows update and it will not register on my computer. I installed it three times successfully but my computer does not seem to register the install. The Windows update icon at the bottom of the computer continues to reappear after each install. The update is called Microsoft XML Core Services 4.0 Service Pack 2. Any idea why it won't properly install?

classicsoftware
10-17-2008, 10:37 PM
Try to download it directly from the MS KB article that appears on the Windows Update page.

stormynight
10-18-2008, 01:47 PM
I did that yesterday, but it is still not registering. This is the first time that this has ever happened. Every time I restart or turn the computer off and on, it says that a Windows Update is installing. Any other ideas?

classicsoftware
10-18-2008, 11:43 PM
I had this problem on my daughter's laptop. Make a note of the KB and wait a month or so and see if it works....

stormynight
10-28-2008, 09:43 PM
Well, it's been a while and the Windows icon is still asking for updates at the bottom of my screen; even when Windows has already done other updates, it still appears. I wish I knew why.

Other than that, it stopped freezing and is back to normal. Things are looking good now.

I'd like to thank you very much for helping me fix this, this forum is a computer saver!

stormynight
11-21-2008, 09:07 PM
Hi, I had to come back and ask another question. I hope one of you is still around.

I did Malwarebytes Scan on routine and after it deleted a couple of files, every time I boot my computer, this error message appears:

C:\WINDOWS\System32\viheguso.dll could not be found.

Is this an important file to have and if so, how do I get it back?

Thanks anyone!

classicsoftware
11-22-2008, 01:34 AM
Please post a fresh HijackThis log and we'll see if we can remove it that way; if not, we will have to edit the registry....

stormynight
11-22-2008, 02:43 PM
Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:48 AM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Elysia\My Documents\Software\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: (no name) - {36a4ac43-59c8-422e-a9be-a6044e3df171} - C:\WINDOWS\system32\funoyeno.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mepahidaba] Rundll32.exe "C:\WINDOWS\system32\viheguso.dll",s
O4 - HKLM\..\Run: [9043aea8] rundll32.exe "C:\WINDOWS\system32\yagireli.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [mepahidaba] Rundll32.exe "C:\WINDOWS\system32\viheguso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mepahidaba] Rundll32.exe "C:\WINDOWS\system32\viheguso.dll",s (User 'NETWORK SERVICE')
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GPLog.lnk = ?
O4 - Global Startup: GreenPrint Printer Notify.lnk = ?
O4 - Global Startup: GreenPrint TrayIcon.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} (EzAutoLogin Control) - http://203.233.205.66:8080/help/EzAutoLoginProj1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\zeyoheko.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9501 bytes
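
The HijackThis log above carries the indicators that point at a Vundo-family infection: a nameless BHO (O2) backed by a DLL in system32, two Run entries (O4) that load system32 DLLs through rundll32 with a one-letter export, and an AppInit_DLLs entry (O20) naming another such DLL. As an added example, not part of this thread or of HijackThis, the following Python script parses HJT-format lines and flags those indicators. The sample lines are copied from the posted log plus a few benign ones for contrast; the "eight lowercase letters alternating consonant and vowel" rule is this example's own assumption derived from the DLL names seen in the log (funoyeno, viheguso, yagireli, zeyoheko), not a published signature.

```python
"""Heuristic triage of HijackThis-format log lines (added example).

Not code from this thread or from HijackThis. The line grammar is the
HijackThis log format; the indicators below are assumptions taken from
the posted log: randomly named DLLs in system32, rundll32 Run entries that
call a one-letter export, an AppInit_DLLs entry and a nameless BHO.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted log plus benign lines
# (Java updater, ctfmon, the ZoneAlarm service) for contrast.
SAMPLE_LOG = "\n".join([
    r'R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157',
    r'O2 - BHO: (no name) - {36a4ac43-59c8-422e-a9be-a6044e3df171} - C:\WINDOWS\system32\funoyeno.dll',
    r'O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [mepahidaba] Rundll32.exe "C:\WINDOWS\system32\viheguso.dll",s',
    r'O4 - HKLM\..\Run: [9043aea8] rundll32.exe "C:\WINDOWS\system32\yagireli.dll",b',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O20 - AppInit_DLLs: C:\WINDOWS\system32\zeyoheko.dll',
    r'O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe',
])

VOWELS = set("aeiou")
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A DLL sitting directly in system32 (not in a subfolder such as ZoneLabs\).
SYS32_DLL_RE = re.compile(r"(?i)\\WINDOWS\\system32\\([a-z]+)\.dll")
# rundll32 "<dll>",<export>: the posted log shows one-letter exports ",s" and ",b".
RUNDLL_RE = re.compile(r'(?i)rundll32(?:\.exe)?\s+"[^"]+\.dll",\s*([A-Za-z0-9]{1,2})\b')


@dataclass
class Finding:
    line: str
    reasons: list[str]


def looks_pseudorandom(name: str) -> bool:
    """Eight lowercase letters strictly alternating consonant and vowel.

    Assumption of this example: every malicious DLL name in the posted log
    (funoyeno, viheguso, yagireli, zeyoheko, hilemebu, tugufapi, ...) fits
    this shape, while stock system32 DLLs (browseui, kernel32) do not.
    """
    if len(name) != 8 or not name.isalpha() or not name.islower():
        return False
    is_vowel = [c in VOWELS for c in name]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(len(name) - 1))


def assess(section: str, body: str) -> list[str]:
    """Return the reasons one parsed HJT entry looks suspicious (empty if none)."""
    reasons: list[str] = []
    for dll in SYS32_DLL_RE.findall(body):
        if looks_pseudorandom(dll):
            reasons.append(f"pseudorandom DLL name in system32: {dll}.dll")
    m = RUNDLL_RE.search(body)
    if m:
        reasons.append(f"rundll32 loads a DLL via the short export '{m.group(1)}'")
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs is set: the DLL is loaded into every process that maps user32.dll")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse HJT-format lines and keep only the entries with at least one reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        reasons = assess(m["section"], m["body"])
        if reasons:
            findings.append(Finding(line=m.group(0), reasons=reasons))
    return findings


def suspect_dll_names(log_text: str) -> set[str]:
    """Names (without .dll) of the pseudorandom system32 DLLs referenced by flagged entries."""
    names: set[str] = set()
    for f in triage(log_text):
        names.update(d for d in SYS32_DLL_RE.findall(f.line) if looks_pseudorandom(d))
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print("DLLs to cross-check against the MBAM/ComboFix results:", sorted(suspect_dll_names(SAMPLE_LOG)))
```

Run it against a full HJT log pasted into a file (`triage(open("hijackthis.log").read())`) and compare the returned DLL names with what MBAM and ComboFix later delete; the name rule is deliberately narrow so that a ZoneAlarm or Symantec component does not get flagged alongside the rogue DLLs, and a file that passes it still needs manual confirmation before removal.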

classicsoftware
11-22-2008, 07:29 PM
You are infected again. Please run an MBAM scan, a ComboFix scan and a new HJT log, in that order.

stormynight
11-22-2008, 10:22 PM
mbam log:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/22/2008 6:32:37 PM
mbam-log-2008-11-22 (18-32-37).txt

Scan type: Quick Scan
Objects scanned: 69578
Time elapsed: 17 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tugufapi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hilemebu.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36a4ac43-59c8-422e-a9be-a6044e3df171} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{36a4ac43-59c8-422e-a9be-a6044e3df171} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9043aea8 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm93709d34 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mepahidaba (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\hilemebu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\hilemebu.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dajifuji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijufijad.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tugufapi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ipafugut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yagireli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilerigay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\funoyeno.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\system32\hilemebu.dll (Trojan.BHO) -> Delete on reboot.

stormynight
11-22-2008, 10:23 PM
Combofix Log part one:

ComboFix 08-11-22.02 - Elysia 2008-11-22 18:51:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.187 [GMT -7:00]
Running from: c:\combofix\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\puhuzubu.dll
c:\windows\system32\zesuvizi.dll
c:\windows\system32\zeyoheko.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-11 17:39 . 2008-10-24 04:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:38 . 2008-09-04 10:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-03 03:01 . 2008-11-03 03:01 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-02 12:58 . 2008-11-02 12:59 <DIR> d-------- c:\documents and settings\Administrator
2008-10-23 16:01 . 2008-10-15 09:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 02:06 226,100,256 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-23 01:56 3,026,156 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-21 17:49 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-02 17:24 813,056 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 23:23 167,197 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_19_17_23_39_small.dmp.zip
2008-10-17 11:51 947,712 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-16 07:13 --------- d-----w c:\program files\Kodak
2008-10-16 07:12 --------- d-----w c:\program files\Common Files\Kodak
2008-10-16 07:06 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-10-16 05:10 --------- d-----w c:\documents and settings\Elysia\Application Data\MailFrontier
2008-10-14 05:58 --------- d-----w c:\documents and settings\Breanna\Application Data\Skinux
2008-10-14 05:21 --------- d-----w c:\documents and settings\Elysia\Application Data\Skinux
2008-10-13 03:55 --------- d-----w c:\documents and settings\Elysia\Application Data\Malwarebytes
2008-10-12 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\vmfexkdi
2008-10-12 18:41 52,210 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_10_12_12_33_44_small.dmp.zip
2008-10-12 18:40 --------- d-----w c:\program files\Zone Labs
2008-10-12 17:37 74,800 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_12_10_42_09_small.dmp.zip
2008-10-12 17:37 37,182 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_12_11_24_55_small.dmp.zip
2008-10-12 17:37 13,624,374 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_12_10_42_13_full.dmp.zip
2008-10-12 00:14 45,807 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_11_18_12_07_small.dmp.zip
2008-10-11 22:53 --------- d-----w c:\documents and settings\Breanna\Application Data\Malwarebytes
2008-10-11 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-10 23:54 --------- d-----w c:\program files\Panda Security
2008-10-09 20:25 73,104 ----a-w c:\windows\zllsputility.exe
2008-10-09 20:25 1,221,008 ----a-w c:\windows\system32\zpeng25.dll
2008-10-08 19:31 --------- d-----w c:\documents and settings\Breanna\Application Data\GreenPrint
2008-09-30 23:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 08:51 --------- d-----w c:\program files\Common Files\Pure Networks Shared
2008-09-23 02:17 --------- d-----w c:\documents and settings\Breanna\Application Data\LimeWire
2008-09-23 01:04 --------- d-----w c:\documents and settings\Elysia\Application Data\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-01-16 10:23 110 ----a-w c:\documents and settings\All Users\Application Data\MostFunGameId.bin
2006-06-23 08:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-06-20 03:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061920080620\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-11_18.10.25.81 )))))))))))))))))))))))))))))))))))))))))

stormynight
11-22-2008, 10:25 PM
Combofix part 2:

.
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll

stormynight
11-22-2008, 10:26 PM
Combofix part 3:

+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 21:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 22:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-04-13 19:30:10 1,845,632 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 11:40:08 138,496 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2008-04-13 18:31:21 2,065,792 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2008-04-13 19:27:53 2,188,928 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2008-04-13 19:15:11 334,848 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2008-10-14 00:33:26 282,624 ----a-w c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\1.0.2599.20758__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2008-10-16 06:26:07 282,624 ----a-w c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\1.0.2698.25402__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2008-10-16 06:26:07 258,048 ----a-w c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\2.0.3026.38921__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2008-10-16 07:10:11 38,400 ----a-w c:\windows\assembly\GAC_32\PeopleRecognition-Defs-PlatReq\1.1.4003.7894__b0cfd8589c27b05f\PeopleRecognition-Defs-PlatReq.dll
+ 2008-10-14 00:33:27 3,072 ----a-w c:\windows\assembly\GAC_32\policy.1.0.EastmanKodakCompany.EasyShare\1.0.0.1__e736f44e197b3380\policy.1.0.EastmanKodakCompany.EasyShare.dll
+ 2008-10-16 06:26:07 3,072 ----a-w c:\windows\assembly\GAC_32\policy.1.0.EastmanKodakCompany.EasyShare\1.0.0.2__e736f44e197b3380\policy.1.0.EastmanKodakCompany.EasyShare.dll
+ 2008-10-16 07:11:28 3,072 ----a-w c:\windows\assembly\GAC_32\policy.2.0.EastmanKodakCompany.EasyShare\2.0.3026.38921__e736f44e197b3380\policy.2.0.EastmanKodakCompany.EasyShare.dll
+ 2008-10-16 07:10:09 299,008 ----a-w c:\windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.0.4003.7895__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
+ 2008-10-16 07:10:07 86,016 ----a-w c:\windows\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.4003.7894__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
+ 2008-10-14 17:58:58 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-10-14 17:58:59 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2008-10-14 17:59:00 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2008-10-14 17:59:05 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 21:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-10-14 17:59:06 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2008-10-14 17:59:01 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 21:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2006-07-11 16:41:36 345,656 ----a-w c:\windows\Downloaded Program Files\ewidoOnlineScan.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 16:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll

stormynight
11-22-2008, 10:27 PM
Combofix part 4:

+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-10-16 07:10:14 92,854 ----a-r c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareDesktopShortcut10.exe
+ 2008-10-16 07:10:14 92,854 ----a-r c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartMenu10_1.exe
+ 2008-10-16 07:10:14 92,854 ----a-r c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartupShortcut10.exe
+ 2008-11-12 10:02:21 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-02-27 10:01:34 32,768 ----a-r c:\windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-11-03 10:01:34 32,768 ----a-r c:\windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2008-02-27 05:46:12 45,056 ----a-r c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
+ 2008-10-16 07:13:35 45,056 ----a-r c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
- 2008-02-27 05:46:12 135,168 ----a-r c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
+ 2008-10-16 07:13:35 135,168 ----a-r c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
+ 2008-11-23 01:39:08 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\6d5ebb38\6aa9f985\_8-ice78.dll
+ 2008-11-23 01:39:06 4,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\6d5ebb38\6aa9f985\8xll9mef.dll
+ 2008-11-23 01:39:04 3,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\6d5ebb38\6aa9f985\gssv4nk_.dll
+ 2008-11-02 21:10:50 4,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\6d5ebb38\6aa9f985\ocq8qgk0.dll
+ 2008-11-21 19:35:27 4,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\6d5ebb38\6aa9f985\xpclmvcs.dll
+ 2008-10-15 18:35:48 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neoedge.services.agent.webservices\a080509e\f3182ee5\assembly\tmp\X4AGLRW2\NeoEdge.Services.Agent.dll
- 2000-08-31 14:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 14:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-06-23 16:57:27 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 11:40:08 138,496 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w c:\windows\system32\dllcache\afd.sys
- 2008-06-23 16:57:27 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-06-23 16:57:35 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-06-23 16:57:36 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 16:57:40 3,592,192 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

stormynight
11-22-2008, 10:34 PM
Combofix part 5:

- 2008-06-23 16:57:39 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-08-14 10:09:26 2,145,280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-06-23 16:57:40 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-13 18:45:34 15,104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
- 2008-06-23 16:57:41 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:57:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-10-18 10:00:00 2,432 ----a-w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-02-02 09:00:00 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys
- 2006-10-18 10:00:00 2,560 ----a-w c:\windows\system32\drivers\cdralw2k.sys
+ 2007-02-02 09:00:00 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys
- 2008-06-04 05:01:58 147,984 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-09-19 00:15:14 148,496 ----a-w c:\windows\system32\drivers\klif.sys
- 2008-06-11 00:07:16 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
+ 2007-03-29 09:00:00 43,528 ----a-w c:\windows\system32\drivers\pxhelp20.sys
- 2008-04-13 19:15:11 334,848 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2007-03-29 14:56:10 68,344 ----a-w c:\windows\system32\drvins64.exe
+ 2007-06-06 15:18:02 45,056 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDDynCC.DLL
+ 2007-06-06 15:37:36 258,048 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGDI.dll
+ 2007-06-06 15:36:46 28,672 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGPD.dll
+ 2007-06-06 15:25:20 40,960 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDLM.dll
+ 2007-06-06 15:18:12 196,608 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDRES.dll
+ 2007-06-06 15:37:24 278,528 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDUI.dll
+ 2007-06-06 15:46:10 229,376 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDVS.dll
+ 2007-06-06 15:57:12 2,363,392 -c--a-w c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\xerces-c_2_7.dll
- 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-06-20 03:27:08 423,024 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 09:19:35 423,024 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll

stormynight
11-22-2008, 10:35 PM
Combofix part 6:

+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-11-27 23:36:28 331,776 ----a-r c:\windows\system32\KPDPM.dll
+ 2007-06-06 15:38:14 344,064 ----a-w c:\windows\system32\KPDPM.dll
- 2006-11-27 23:37:28 233,472 ----a-r c:\windows\system32\KPDPMUI.dll
+ 2007-06-06 15:38:40 237,568 ----a-w c:\windows\system32\KPDPMUI.dll
+ 2007-06-06 15:18:12 196,608 ----a-w c:\windows\system32\KPDRES.DLL
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-06-14 00:53:29 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-11-11 00:24:04 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 16:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
- 2003-04-18 23:29:26 82,432 ----a-w c:\windows\system32\msxml4r.dll
+ 2003-04-18 22:29:26 82,432 ----a-w c:\windows\system32\msxml4r.dll
- 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-13 18:31:21 2,065,792 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2008-04-13 19:27:53 2,188,928 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-09-25 03:22:27 63,732 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-02 17:29:49 63,732 ----a-w c:\windows\system32\perfc009.dat
- 2008-09-25 03:22:27 406,658 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-02 17:29:49 406,658 ----a-w c:\windows\system32\perfh009.dat
- 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2006-04-20 20:27:00 64,512 ----a-r c:\windows\system32\ptpitcp.dll
+ 2007-02-08 07:40:10 64,512 ----a-w c:\windows\system32\ptpitcp.dll
- 2008-06-11 00:07:14 551,672 ----a-w c:\windows\system32\px.dll
+ 2007-04-04 23:08:46 551,672 ----a-w c:\windows\system32\Px.dll
- 2008-06-11 00:07:14 129,784 ------w c:\windows\system32\PxAFS.DLL
+ 2007-04-04 23:08:48 129,784 ----a-w c:\windows\system32\PxAFS.DLL
- 2008-06-11 00:07:14 66,296 ------w c:\windows\system32\pxcpya64.exe

stormynight
11-22-2008, 10:36 PM
Combofix part 7:

+ 2007-03-29 14:56:16 66,296 ----a-w c:\windows\system32\pxcpya64.exe
- 2008-06-11 00:07:16 120,056 ------w c:\windows\system32\pxcpyi64.exe
+ 2007-03-29 14:56:14 120,056 ----a-w c:\windows\system32\pxcpyi64.exe
- 2008-06-11 00:07:16 518,904 ------w c:\windows\system32\pxdrv.dll
+ 2007-03-23 07:02:00 518,904 ----a-w c:\windows\system32\pxdrv.dll
- 2008-06-11 00:07:14 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2007-03-29 14:56:12 64,760 ----a-w c:\windows\system32\pxinsa64.exe
- 2008-06-11 00:07:16 118,520 ------w c:\windows\system32\pxinsi64.exe
+ 2007-03-29 14:56:14 118,520 ----a-w c:\windows\system32\pxinsi64.exe
- 2008-06-11 00:07:16 187,128 ------w c:\windows\system32\PxMas.dll
+ 2007-04-04 23:08:50 187,128 ----a-w c:\windows\system32\PxMas.dll
- 2008-06-11 00:07:16 1,628,920 ------w c:\windows\system32\PxSFS.DLL
+ 2007-04-04 23:08:52 1,628,920 ----a-w c:\windows\system32\PxSFS.DLL
- 2008-06-11 00:07:16 379,640 ------w c:\windows\system32\PxWave.dll
+ 2007-04-04 23:08:54 379,640 ----a-w c:\windows\system32\PxWave.dll
- 2006-11-21 19:53:06 158,456 ------w c:\windows\system32\pxwma.dll
+ 2007-04-04 23:08:56 158,456 ----a-w c:\windows\system32\pxwma.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-22 02:41:08 107,408 ----a-w c:\windows\system32\vsdata.dll
+ 2008-10-09 20:25:20 107,408 ----a-w c:\windows\system32\vsdata.dll
- 2008-08-22 02:41:40 353,680 ----a-w c:\windows\system32\vsdatant.sys
+ 2008-10-09 20:25:36 353,680 ----a-w c:\windows\system32\vsdatant.sys
- 2008-08-22 02:41:08 215,440 ----a-w c:\windows\system32\vsinit.dll
+ 2008-10-09 20:25:20 216,464 ----a-w c:\windows\system32\vsinit.dll
- 2008-08-22 02:41:10 107,408 ----a-w c:\windows\system32\vsmonapi.dll
+ 2008-10-09 20:25:22 107,408 ----a-w c:\windows\system32\vsmonapi.dll
- 2008-08-22 02:41:10 310,160 ----a-w c:\windows\system32\vspubapi.dll
+ 2008-10-09 20:25:22 310,160 ----a-w c:\windows\system32\vspubapi.dll
- 2008-08-22 02:41:10 58,768 ----a-w c:\windows\system32\vsregexp.dll
+ 2008-10-09 20:25:22 58,768 ----a-w c:\windows\system32\vsregexp.dll
- 2008-08-22 02:41:10 475,536 ----a-w c:\windows\system32\vsutil.dll
+ 2008-10-09 20:25:22 475,536 ----a-w c:\windows\system32\vsutil.dll
- 2008-08-22 02:41:12 30,096 ----a-w c:\windows\system32\vswmi.dll
+ 2008-10-09 20:25:22 30,096 ----a-w c:\windows\system32\vswmi.dll
- 2008-08-22 02:41:12 110,480 ----a-w c:\windows\system32\vsxml.dll
+ 2008-10-09 20:25:24 110,480 ----a-w c:\windows\system32\vsxml.dll
- 2008-06-11 00:07:14 88,824 ------w c:\windows\system32\VXBLOCK.dll
+ 2007-03-26 07:00:00 88,824 ----a-w c:\windows\system32\vxblock.dll
- 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-22 02:41:12 69,008 ----a-w c:\windows\system32\zlcomm.dll
+ 2008-10-09 20:25:24 69,008 ----a-w c:\windows\system32\zlcomm.dll
- 2008-08-22 02:41:12 106,384 ----a-w c:\windows\system32\zlcommdb.dll
+ 2008-10-09 20:25:24 106,384 ----a-w c:\windows\system32\zlcommdb.dll
- 2008-10-02 20:54:51 4,212 ---ha-w c:\windows\system32\zllictbl.dat
+ 2008-11-02 19:39:32 4,212 ---ha-w c:\windows\system32\zllictbl.dat
- 2008-08-22 02:41:02 395,152 ----a-w c:\windows\system32\ZoneLabs\av.dll
+ 2008-10-09 20:25:16 395,664 ----a-w c:\windows\system32\ZoneLabs\av.dll
- 2008-10-11 03:43:14 458,260 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-11-23 01:57:51 480,296 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-08-22 02:41:02 76,176 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
+ 2008-10-09 20:25:18 76,176 ----a-w c:\windows\system32\ZoneLabs\camupd.dll

stormynight
11-22-2008, 10:36 PM
Combofix part 8:

- 2008-08-22 02:41:04 98,192 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
+ 2008-10-09 20:25:18 98,192 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
- 2008-08-22 02:41:04 38,288 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
+ 2008-10-09 20:25:18 38,288 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
- 2008-08-22 02:41:04 158,608 ----a-w c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2008-10-09 20:25:18 159,120 ----a-w c:\windows\system32\ZoneLabs\httpblocker.dll
- 2008-08-22 02:41:42 28,048 ----a-w c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2008-10-09 20:25:40 28,048 ----a-w c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
- 2008-08-22 02:41:42 322,960 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-10-09 20:25:40 322,960 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2008-08-22 02:41:44 125,328 ----a-w c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2008-10-09 20:25:40 125,328 ----a-w c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
- 2008-08-22 02:41:44 331,664 ----a-w c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2008-10-09 20:25:40 331,664 ----a-w c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
- 2008-08-22 02:41:44 10,128 ----a-w c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2008-10-09 20:25:40 10,128 ----a-w c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
- 2008-08-22 02:41:44 17,808 ----a-w c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2008-10-09 20:25:40 17,808 ----a-w c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
- 2008-08-22 02:41:44 110,992 ----a-w c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2008-10-09 20:25:42 110,992 ----a-w c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
- 2008-08-22 02:41:44 238,992 ----a-w c:\windows\system32\ZoneLabs\lib\Sandbox.zip.dll
+ 2008-10-09 20:25:42 238,992 ----a-w c:\windows\system32\ZoneLabs\lib\Sandbox.zip.dll
- 2008-08-22 02:41:44 156,048 ----a-w c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2008-10-09 20:25:42 156,048 ----a-w c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
- 2008-08-22 02:41:46 19,856 ----a-w c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2008-10-09 20:25:42 19,856 ----a-w c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
- 2008-08-22 02:41:46 43,920 ----a-w c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2008-10-09 20:25:42 43,920 ----a-w c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
- 2008-08-22 02:41:46 19,344 ----a-w c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2008-10-09 20:25:42 19,344 ----a-w c:\windows\system32\ZoneLabs\lib\zic.zip.dll
- 2008-08-22 02:41:46 13,712 ----a-w c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2008-10-09 20:25:42 13,712 ----a-w c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
- 2008-08-22 02:41:46 24,464 ----a-w c:\windows\system32\ZoneLabs\lib\zp4pc.zip.dll
+ 2008-10-09 20:25:42 24,464 ----a-w c:\windows\system32\ZoneLabs\lib\zp4pc.zip.dll
- 2008-08-22 02:41:46 30,608 ----a-w c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2008-10-09 20:25:42 30,608 ----a-w c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
- 2008-08-22 02:41:46 1,536,400 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-10-09 20:25:42 1,536,400 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
- 2008-08-22 02:41:48 18,832 ----a-w c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2008-10-09 20:25:42 18,832 ----a-w c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
- 2008-08-22 02:41:48 70,032 ----a-w c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2008-10-09 20:25:44 70,032 ----a-w c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
- 2008-08-22 02:41:48 114,064 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-10-09 20:25:44 114,064 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
- 2008-08-22 02:41:48 59,792 ----a-w c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2008-10-09 20:25:44 59,792 ----a-w c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
- 2008-08-22 02:41:06 132,496 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
+ 2008-10-09 20:25:20 132,496 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
- 2008-10-09 22:11:51 10,199,767 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-11-21 18:45:56 10,346,117 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2008-09-15 22:22:35 9,900,691 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
+ 2008-10-16 01:09:01 9,900,691 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
- 2008-08-22 02:41:06 443,280 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2008-10-09 20:25:20 443,280 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
- 2008-08-22 02:41:30 176,016 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
+ 2008-10-09 20:25:32 176,016 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
- 2008-08-22 02:41:08 106,896 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
+ 2008-10-09 20:25:20 106,896 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
- 2008-08-22 02:41:32 2,405,776 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
+ 2008-10-09 20:25:32 2,405,776 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
- 2008-08-22 02:41:10 1,655,184 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2008-10-09 20:25:22 1,655,184 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
- 2008-08-22 02:41:10 172,432 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
+ 2008-10-09 20:25:22 172,432 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
- 2008-08-22 02:41:12 178,576 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
+ 2008-10-09 20:25:24 178,576 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
- 2008-09-23 04:10:02 282,624 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2008-11-21 19:04:10 4,288,000 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
- 2008-08-22 02:41:14 98,192 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2008-10-09 20:25:24 98,192 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll

stormynight
11-22-2008, 10:37 PM
Combofix part 9:

- 2008-08-22 02:41:14 311,696 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
+ 2008-10-09 20:25:24 311,696 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
- 2008-08-22 02:41:16 110,480 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2008-10-09 20:25:24 110,480 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
- 2008-02-27 05:41:42 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-10-16 07:09:52 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-09-30 23:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
- 2008-02-27 05:41:43 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2007-04-18 17:36:40 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2008-09-30 23:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
- 2006-12-02 05:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 04:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-02 05:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 04:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 05:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 04:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 05:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 07:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 06:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 07:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 06:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 07:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 06:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 07:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 06:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 07:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 06:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 07:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 06:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 07:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 06:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 07:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 06:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 07:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 07:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 07:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 07:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 06:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 07:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 06:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-28 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"GPPrinterNotify"="c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe" [2008-06-25 595872]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]

stormynight
11-22-2008, 10:38 PM
Combofix part 10:

c:\documents and settings\Elysia\Start Menu\Programs\Startup\
MostFun.lnk - c:\program files\MostFun\Bin\MostFun.exe [2007-08-28 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
GPLog.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\LOGWnd.exe [2008-07-24 21904]
GreenPrint Printer Notify.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe [2008-07-24 595872]
GreenPrint TrayIcon.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPTray.exe [2008-07-24 272272]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-09-04 65588]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-06-28 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JJPG"= jl_jjpg.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MostFun\\Bin\\MostFun.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-10 28544]
R3 ati2mtaa;ati2mtaa;c:\windows\system32\DRIVERS\ati2mtaa.sys [2006-06-20 327040]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
S3 JL2001;Telemax WebCam WC-50;c:\windows\system32\Drivers\videocap.sys [2002-01-10 173768]
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{36a4ac43-59c8-422e-a9be-a6044e3df171} - c:\windows\system32\funoyeno.dll
HKLM-Run-mepahidaba - c:\windows\system32\viheguso.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Elysia\Application Data\Mozilla\Firefox\Profiles\xfiav6h6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.google.com/
.

**************************************************************************

stormynight
11-22-2008, 10:39 PM
Combofix part 11:

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 19:00:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\WgaLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-11-22 19:09:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-23 02:09:30
ComboFix2.txt 2008-10-12 00:10:58

Pre-Run: 37,888,827,392 bytes free
Post-Run: 39,966,892,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

689 --- E O F --- 2008-11-12 10:06:24

stormynight
11-22-2008, 10:40 PM
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:13 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Elysia\My Documents\Software\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GPLog.lnk = ?
O4 - Global Startup: GreenPrint Printer Notify.lnk = ?
O4 - Global Startup: GreenPrint TrayIcon.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} (EzAutoLogin Control) - http://203.233.205.66:8080/help/EzAutoLoginProj1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8565 bytes

classicsoftware
11-23-2008, 09:14 PM
Your log looks better, how is it running....

stormynight
11-24-2008, 02:53 AM
It's running really well now. No pop-ups and things are looking clean. Thanks for your time and support classicsoftware! I will give a donation now to the tip jar. :)

classicsoftware
11-24-2008, 09:18 AM
Please print out all of my suggestions for keeping clean and follow them. Get rid of Acrobat Reader for one.....