Unable to delete vundo trojan

I ran VundoFix twice and it found one file but I'm still getting my virus warning. The file name in the virus warning is hggecbc.dll Here's my VundoFix.txt and new HijackThis:

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:28:27 PM 11/19/2007

Listing files found while scanning....

C:\windows\system32\ryhmchmb.dll

Beginning removal...

Attempting to delete C:\windows\system32\ryhmchmb.dll
C:\windows\system32\ryhmchmb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:43:53 PM 11/19/2007

Listing files found while scanning....

No infected files were found.



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:08 AM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a8637306] "rundll32.exe" "C:\WINDOWS\system32\ljlkvnhg.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [RemoveIT Pro XT] "C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O22 - SharedTaskScheduler: {210b4043-35ca-4aa0-8796-191f9663dfb3} - altmannsberger - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8778 bytes


Also, not sure if it will be any help but I usually use Firefox as my main web browser, and I recently download the latest version of Java and used Add/Remove programs to remove all the previous versions I saw.

Thanks!

Ok, Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:20 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16BA5F9C-0DB4-4710-B114-9BC4C6DEBEBE} - (no file)
O2 - BHO: (no name) - {2A6BE75D-DD7B-4319-82A5-F49534F420A5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {604F6CDC-400B-4824-83A6-193B9B9F1C6A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {B5666C2A-B38D-4A7D-87FB-7BFCFF9A10AA} - (no file)
O2 - BHO: (no name) - {E70A5C3F-8D21-433D-88A3-15044FCED394} - C:\WINDOWS\system32\awtsq.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [a8637306] "rundll32.exe" "C:\WINDOWS\system32\xkkymkru.dll",b
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [RemoveIT Pro XT] "C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O20 - Winlogon Notify: hggecbc - C:\WINDOWS\SYSTEM32\hggecbc.dll
O20 - Winlogon Notify: wgmhlvam - wgmhlvam.dll (file missing)
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O22 - SharedTaskScheduler: {210b4043-35ca-4aa0-8796-191f9663dfb3} - altmannsberger - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10102 bytes

Hey, I followed your instructions as best I could, but twice I ran the VundoFix, and after starting the removal I got an error that said that the system had to automatically shut down (not the typical prompt from the VundoFix program) because the C:\Windows\system32\lsass.exe ecountered a status value of zero or something similar, and gave a one minute countdown, after which the system rebooted. The VundoFix logs only say Beginning Removal... for each attempt, followed by a carriage return and nothing after. Also, is it normal that when I use the VundoFix program, that no text appears in the command buttons (Scan for Vundo, Remove Vundo, etc.)? I think it may be interfering with the manual removal, and I have tried to remove the program and reload it before without any changes.

As far as the HijackThis, I followed your directions on this as well, but after the fix and reboot, everytime the program tries to create a log, HijackThis freezes. I was still able create a log by scanning only and then saving a log separately, and I've included it for your review.

Thanks again for bearing with me!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:21 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\John\services.exe
C:\Program Files\Trend Micro\HijackThis\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\hggecbc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {C6F5B9AE-93DD-47B8-9AA4-6E671BFF6BBB} - C:\WINDOWS\system32\awtsq.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O20 - Winlogon Notify: hggecbc - C:\WINDOWS\SYSTEM32\hggecbc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9270 bytes

Right, sorry. Thanks again for your patience.



VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:28:27 PM 11/19/2007

Listing files found while scanning....

C:\windows\system32\ryhmchmb.dll

Beginning removal...

Attempting to delete C:\windows\system32\ryhmchmb.dll
C:\windows\system32\ryhmchmb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:43:53 PM 11/19/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:41:40 PM 11/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\hggecbc.dll

Beginning removal...

Beginning removal...





All the times it says beginning removal, that's when I attempted your directions, but each time I got the same system shutdown procedure countdown that I described in my last post.

Here you go. Hope you had a happy thanksgiving.


ComboFix 07-11-19.3 - John 2007-11-24 0:38:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1475 [GMT -6:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\John\Application Data\macromedia\Flash Player\#SharedObjects\7VYFGH7A\www.broadcaster.com
C:\Documents and Settings\John\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\John\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\John\Favorites\Online Security Guide.lnk
C:\svchost.exe
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\calbxcbo.ini2
C:\WINDOWS\system32\calbxcbo.tmp
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.

2007-11-23 00:18 290,816 --a------ C:\Documents and Settings\John\winlogo.exe
2007-11-23 00:18 113 --a------ C:\Documents and Settings\John\3333.bat
2007-11-22 00:03 37,376 --a------ C:\WINDOWS\system32\cbxwvts.dll
2007-11-21 00:16 37,376 --a------ C:\WINDOWS\system32\mljkjhe.dll
2007-11-20 21:12 37,376 --a------ C:\WINDOWS\system32\jkkhihh.dll
2007-11-19 23:30 354 --ahs---- C:\WINDOWS\system32\ghnvkljl.ini
2007-11-19 19:06 d-------- C:\Program Files\Trend Micro
2007-11-19 18:41 37,376 --a------ C:\WINDOWS\system32\cbxvtst.dll
2007-11-18 20:36 d-------- C:\Program Files\InCode Solutions
2007-11-18 20:26 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-18 20:24 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-18 19:58 d-------- C:\VundoFix Backups
2007-11-18 19:07 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-18 01:23 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-18 01:19 85,056 --a------ C:\WINDOWS\system32\jejcttdu.dll
2007-11-18 01:15 d-------- C:\Program Files\Enigma Software Group
2007-11-18 01:11 d-------- C:\Documents and Settings\John\Application Data\AdwareAlert
2007-11-17 00:49 85,056 --a------ C:\WINDOWS\system32\hirkdnqb.dll
2007-11-17 00:49 294 --ahs---- C:\WINDOWS\system32\bqndkrih.ini
2007-11-15 20:52 669,611 --ahs---- C:\WINDOWS\system32\hertpamw.ini
2007-11-15 20:49 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-14 20:47 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-14 20:33 d-------- C:\Documents and Settings\John\Application Data\Grisoft
2007-11-14 20:33 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 20:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 20:16 414 --ahs---- C:\WINDOWS\system32\jtyhypgc.ini
2007-11-14 19:54 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-14 19:03 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 18:49 d-------- C:\Temp\abW9
2007-11-14 18:49 d-------- C:\Temp
2007-11-13 12:28 36,352 --a------ C:\WINDOWS\system32\hggecbc.dll
2007-11-13 01:44 d-------- C:\Program Files\BFG
2007-11-12 22:15 d-------- C:\PSFONTS
2007-11-12 22:15 d-------- C:\Program Files\Finale NotePad 2008
2007-11-09 00:14 d-------- C:\Program Files\iTunes
2007-11-09 00:14 d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 08:17 6,788 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-23 06:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-20 06:34 85,056 ----a-w C:\WINDOWS\system32\xkkymkru.dll
2007-11-19 02:26 --------- d-----w C:\Program Files\Java
2007-11-16 02:52 85,056 ----a-w C:\WINDOWS\system32\wmaptreh.dll
2007-11-16 02:48 164 ----a-w C:\install.dat
2007-11-13 19:01 --------- d-----w C:\Program Files\Three Rings Design
2007-11-13 18:57 --------- d-----w C:\Program Files\LimeWire
2007-11-13 18:40 --------- d-----w C:\Program Files\Yahoo! Games
2007-11-13 18:40 --------- d-----w C:\Program Files\WildTangent
2007-11-13 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 18:31 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-09 06:13 --------- d-----w C:\Program Files\QuickTime
2007-11-06 21:07 --------- d-----w C:\Program Files\Starcraft
2007-10-28 03:14 --------- d-----w C:\Documents and Settings\John\Application Data\Hamachi
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-16 03:46 --------- d-----w C:\Program Files\AIM6
2007-10-16 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-11 21:33 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-11 21:33 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-03 02:03 --------- d-----w C:\Program Files\Warcraft III
2007-10-01 22:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 22:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 22:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 22:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-30 21:07 --------- d-----w C:\Documents and Settings\John\Application Data\AdobeUM
2007-07-22 04:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-05-17 01:30 1,582 ----a-w C:\Program Files\LimeWire 4.12.11.lnk
2007-05-17 01:29 3,098,056 -c--a-w C:\Program Files\LimeWireWin.exe
2007-01-10 18:15 839,694 ----a-w C:\WINDOWS\Fonts\Crack.exe
2006-09-17 02:16 97,673 -c--a-w C:\Program Files\Message 111
2007-04-18 06:51 56 --sh--r C:\WINDOWS\system32\ 0ED0013C63.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
2007-11-13 12:28 36352 --a------ C:\WINDOWS\system32\hggecbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6F5B9AE-93DD-47B8-9AA4-6E671BFF6BBB}]
C:\WINDOWS\system32\awtsq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 14:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2007-10-21 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-13 23:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-02-07 13:36:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\hggecbc.dll [2007-11-13 12:28 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggecbc]
hggecbc.dll 2007-11-13 12:28 36352 C:\WINDOWS\system32\hggecbc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 09:44 839680 --a------ C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 00:05 127035 --a--c--- C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 00:02 86016 --a--c--- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 19:29 49152 -----c--- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-09 18:24 50760 --a------ C:\Program Files\Common Files\AOL\1148764823\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-28 10:55 667718 --a------ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 10:59 124520 --a--c--- C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 01:24 20480 --------- C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
2003-10-07 08:48 147514 --a--c--- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56 761947 --a--c--- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413e4fd4-d356-11db-a233-00038a000015}]
\Shell\AutoRun\command - E:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b3fe95-037a-11dc-a264-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-18 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-15 18:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOLANLAPTOP-John).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-18 07:19:30 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 00:49:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 0:52:05 - machine was rebooted
.
--- E O F ---

Here's the log. I'm no longer getting a warning from my anti-virus program, so it looks like we're making headway.


ComboFix 07-11-19.3 - John 2007-11-24 14:41:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470 [GMT -6:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\John\3333.bat
C:\Documents and Settings\John\winlogo.exe
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\bqndkrih.ini
C:\WINDOWS\system32\cbxvtst.dll
C:\WINDOWS\system32\cbxwvts.dll
C:\WINDOWS\system32\ghnvkljl.ini
C:\WINDOWS\system32\hertpamw.ini
C:\WINDOWS\system32\hggecbc.dll
C:\WINDOWS\system32\hirkdnqb.dll
C:\WINDOWS\system32\jejcttdu.dll
C:\WINDOWS\system32\jkkhihh.dll
C:\WINDOWS\system32\jtyhypgc.ini
C:\WINDOWS\system32\mljkjhe.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wmaptreh.dll
C:\WINDOWS\system32\xkkymkru.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\John\3333.bat
C:\Documents and Settings\John\Application Data\AdwareAlert
C:\Documents and Settings\John\Application Data\AdwareAlert\Log\2007 Nov 18 - 01_11_11 AM_046.log
C:\Documents and Settings\John\Application Data\AdwareAlert\Log\2007 Nov 18 - 01_11_13 AM_546.log
C:\Documents and Settings\John\Application Data\AdwareAlert\Log\2007 Nov 18 - 02_15_43 AM_843.log
C:\Documents and Settings\John\Application Data\AdwareAlert\rs.dat
C:\Documents and Settings\John\Application Data\AdwareAlert\Settings\ScanResults.pie
C:\Documents and Settings\John\winlogo.exe
C:\Temp\abW9
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\system32\bqndkrih.ini
C:\WINDOWS\system32\cbxvtst.dll
C:\WINDOWS\system32\cbxwvts.dll
C:\WINDOWS\system32\ghnvkljl.ini
C:\WINDOWS\system32\hertpamw.ini
C:\WINDOWS\system32\hggecbc.dll
C:\WINDOWS\system32\hirkdnqb.dll
C:\WINDOWS\system32\jejcttdu.dll
C:\WINDOWS\system32\jkkhihh.dll
C:\WINDOWS\system32\jtyhypgc.ini
C:\WINDOWS\system32\mljkjhe.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wmaptreh.dll
C:\WINDOWS\system32\xkkymkru.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.

2007-11-20 00:35 654 --ahs---- C:\WINDOWS\system32\urkmykkx.ini
2007-11-19 19:06 d-------- C:\Program Files\Trend Micro
2007-11-18 20:36 d-------- C:\Program Files\InCode Solutions
2007-11-18 20:26 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-18 20:24 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-18 19:58 d-------- C:\VundoFix Backups
2007-11-18 19:07 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-18 01:23 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-18 01:19 294 --ahs---- C:\WINDOWS\system32\udttcjej.ini
2007-11-18 01:15 d-------- C:\Program Files\Enigma Software Group
2007-11-15 20:49 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-14 20:47 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-14 20:33 d-------- C:\Documents and Settings\John\Application Data\Grisoft
2007-11-14 20:33 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 20:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 20:07 d-------- C:\WINDOWS\system32\rMa18yy
2007-11-14 20:02 d-------- C:\WINDOWS\system32\FxsTmp
2007-11-14 19:54 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-14 19:03 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 18:49 d-------- C:\Temp
2007-11-13 01:44 d-------- C:\Program Files\BFG
2007-11-12 22:15 d-------- C:\PSFONTS
2007-11-12 22:15 d-------- C:\Program Files\Finale NotePad 2008
2007-11-09 00:14 d-------- C:\Program Files\iTunes
2007-11-09 00:14 d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 08:17 6,788 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-23 06:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 02:26 --------- d-----w C:\Program Files\Java
2007-11-16 02:48 164 ----a-w C:\install.dat
2007-11-13 19:01 --------- d-----w C:\Program Files\Three Rings Design
2007-11-13 18:57 --------- d-----w C:\Program Files\LimeWire
2007-11-13 18:40 --------- d-----w C:\Program Files\Yahoo! Games
2007-11-13 18:40 --------- d-----w C:\Program Files\WildTangent
2007-11-13 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 06:13 --------- d-----w C:\Program Files\QuickTime
2007-11-06 21:07 --------- d-----w C:\Program Files\Starcraft
2007-10-28 03:14 --------- d-----w C:\Documents and Settings\John\Application Data\Hamachi
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-16 03:46 --------- d-----w C:\Program Files\AIM6
2007-10-16 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-11 21:33 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-11 21:33 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-03 02:03 --------- d-----w C:\Program Files\Warcraft III
2007-10-01 22:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 22:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 22:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 22:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-30 21:07 --------- d-----w C:\Documents and Settings\John\Application Data\AdobeUM
2007-07-22 04:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-05-17 01:30 1,582 ----a-w C:\Program Files\LimeWire 4.12.11.lnk
2007-05-17 01:29 3,098,056 -c--a-w C:\Program Files\LimeWireWin.exe
2006-09-17 02:16 97,673 -c--a-w C:\Program Files\Message 111
2007-04-18 06:51 56 --sh--r C:\WINDOWS\system32\ 0ED0013C63.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_ 0.50.21.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-24 20:51:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b00.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 14:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2007-10-21 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-13 23:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-02-07 13:36:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggecbc]
hggecbc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 09:44 839680 --a------ C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 00:05 127035 --a--c--- C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 00:02 86016 --a--c--- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 19:29 49152 -----c--- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-09 18:24 50760 --a------ C:\Program Files\Common Files\AOL\1148764823\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-28 10:55 667718 --a------ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 10:59 124520 --a--c--- C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 01:24 20480 --------- C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
2003-10-07 08:48 147514 --a--c--- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56 761947 --a--c--- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413e4fd4-d356-11db-a233-00038a000015}]
\Shell\AutoRun\command - E:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b3fe95-037a-11dc-a264-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-18 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-15 18:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOLANLAPTOP-John).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-18 07:19:30 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 14:51:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 14:53:08 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-24 00:52
.
--- E O F ---

ComboFix 07-11-19.3 - John 2007-11-25 12:59:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1422 [GMT -6:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\udttcjej.ini
C:\WINDOWS\system32\urkmykkx.ini
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\udttcjej.ini
C:\WINDOWS\system32\urkmykkx.ini
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-19 19:06 d-------- C:\Program Files\Trend Micro
2007-11-18 20:36 d-------- C:\Program Files\InCode Solutions
2007-11-18 20:26 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-18 20:24 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-18 19:58 d-------- C:\VundoFix Backups
2007-11-18 19:07 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-18 01:23 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-18 01:15 d-------- C:\Program Files\Enigma Software Group
2007-11-15 20:49 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-14 20:47 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-14 20:33 d-------- C:\Documents and Settings\John\Application Data\Grisoft
2007-11-14 20:33 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 20:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 20:02 d-------- C:\WINDOWS\system32\FxsTmp
2007-11-14 19:54 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-14 19:03 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 18:49 d-------- C:\Temp
2007-11-13 01:44 d-------- C:\Program Files\BFG
2007-11-12 22:15 d-------- C:\PSFONTS
2007-11-12 22:15 d-------- C:\Program Files\Finale NotePad 2008
2007-11-09 00:14 d-------- C:\Program Files\iTunes
2007-11-09 00:14 d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 08:17 6,788 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-23 06:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 02:26 --------- d-----w C:\Program Files\Java
2007-11-16 02:48 164 ----a-w C:\install.dat
2007-11-13 19:01 --------- d-----w C:\Program Files\Three Rings Design
2007-11-13 18:57 --------- d-----w C:\Program Files\LimeWire
2007-11-13 18:40 --------- d-----w C:\Program Files\Yahoo! Games
2007-11-13 18:40 --------- d-----w C:\Program Files\WildTangent
2007-11-13 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 06:13 --------- d-----w C:\Program Files\QuickTime
2007-11-06 21:07 --------- d-----w C:\Program Files\Starcraft
2007-10-28 03:14 --------- d-----w C:\Documents and Settings\John\Application Data\Hamachi
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-16 03:46 --------- d-----w C:\Program Files\AIM6
2007-10-16 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-11 21:33 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-11 21:33 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-03 02:03 --------- d-----w C:\Program Files\Warcraft III
2007-10-01 22:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 22:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 22:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 22:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-30 21:07 --------- d-----w C:\Documents and Settings\John\Application Data\AdobeUM
2007-07-22 04:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-05-17 01:30 1,582 ----a-w C:\Program Files\LimeWire 4.12.11.lnk
2007-05-17 01:29 3,098,056 -c--a-w C:\Program Files\LimeWireWin.exe
2006-09-17 02:16 97,673 -c--a-w C:\Program Files\Message 111
2007-04-18 06:51 56 --sh--r C:\WINDOWS\system32\ 0ED0013C63.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_ 0.50.21.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-25 18:35:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 14:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2007-10-21 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-13 23:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-02-07 13:36:50]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 09:44 839680 --a------ C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 00:05 127035 --a--c--- C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 00:02 86016 --a--c--- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 19:29 49152 -----c--- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-09 18:24 50760 --a------ C:\Program Files\Common Files\AOL\1148764823\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-28 10:55 667718 --a------ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 10:59 124520 --a--c--- C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 01:24 20480 --------- C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
2003-10-07 08:48 147514 --a--c--- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56 761947 --a--c--- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413e4fd4-d356-11db-a233-00038a000015}]
\Shell\AutoRun\command - E:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b3fe95-037a-11dc-a264-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 18:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOLANLAPTOP-John).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-18 07:19:30 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 13:06:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 13:17:32
C:\ComboFix2.txt ... 2007-11-24 14:53
C:\ComboFix3.txt ... 2007-11-24 00:52
.
--- E O F ---