vmi1816

  1. Negster22, Thanks so very much for sticking with me. I've learned a lot and truly appreciate your professionalism. Best Wishes! vmi1816
  2. Malwarebytes' Anti-Malware 1.36 Database version: 2179 Windows 5.1.2600 Service Pack 3 6/1/2009 7:30:22 AM mbam-log-2009-06-01 (07-30-01).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 153319 Time elapsed: 34 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\ty667.ty667mgr.1 (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. here's my Eset log
  4. Here's the new Combofix Log.
  5. Great! thanks for your help. I'll try the script this evening.
  6. Hello, yes I want to keep the Nitro Bonus, do I just delete that section below?
  7. Greetings, Thanks for following up; here's the text file. c:\windows\system32\kernel32.dll: Verified: Signed Signing date: 1:27 PM 3/21/2009 Strong Name: Unsigned Publisher: Microsoft Corporation Description: Windows NT BASE API Client DLL Product: Microsoft
  8. Hi, when I run the .bat file, I get error system cannot find the specified path. .bat is on the desktop .exe is in c:\windows\system32 disabled my Kaspersky Internet Security 2009. I am not sure how to proceed. Thanks again vm1816
  9. Here you go.
  10. I am sorry, Here's an earlier version. I may have deleted the combofix2 file. Can u use this file?
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [9/2/2007 11:42 AM 12032] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592] . Contents of the 'Scheduled Tasks' folder 2005-11-23 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] 2005-11-23 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] . - - - - ORPHANS REMOVED - - - - BHO-{5E5EFA8F-9F53-418E-B78E-44866667A404} - c:\windows\system32\218538\218538.dll HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.kaspersky.com/ mStart Page = hxxp://www.gatewaybiz.com uInternet Settings,ProxyServer = http=localhost:7171 uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7m7oly42.default\ FF - prefs.js: browser.search.selectedEngine - Crawler Search FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 1 FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-25 14:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\lxdxcoms.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\Lexmark 3600-4600 Series\lxdxmsdmon.exe c:\windows\system32\lxcgcoms.exe . ************************************************************************** . Completion time: 2009-05-25 14:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-25 18:12 Pre-Run: 37,712,478,208 bytes free Post-Run: 37,868,441,600 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 214 --- E O F --- 2009-05-14 00:16
  11. Hi, I included the combofix in my last post but I renamed the file from combofix2 to combofix. Thanks!
  12. Hello, Here are my files. ark.txt GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-05-26 20:47:29 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEEC25940] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEEC259A8] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) ---- EOF - GMER 1.0.15 ---- combofix.txt ComboFix 09-05-26.02 - Owner 05/26/2009 20:55.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.163 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\bonkers.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 ))))))))))))))))))))))))))))))) . 2009-05-26 23:54 . 2009-05-27 00:46 -------- d-----w C:\ark 2009-05-25 23:10 . 
2009-05-25 23:10 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes 2009-05-25 23:09 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-25 23:09 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-25 23:09 . 2009-05-26 10:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-25 23:09 . 2009-05-25 23:09 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-25 23:07 . 2009-05-25 23:07 -------- d-----w c:\documents and settings\Owner\Application Data\gtk-2.0 2009-05-25 22:56 . 2009-05-25 22:57 -------- d-----w c:\program files\ScreenPrint32 v3 2009-05-25 22:56 . 2009-05-25 22:56 249856 ------w c:\windows\Setup1.exe 2009-05-25 22:56 . 2009-05-25 22:56 73216 ----a-w c:\windows\ST6UNST.EXE 2009-05-25 18:03 . 2004-08-04 19:00 50176 -c--a-w c:\windows\system32\dllcache\proquota.exe 2009-05-25 15:03 . 2009-05-25 14:41 19046 ----a-w C:\sysinfo.zip 2009-05-25 14:59 . 2009-05-25 14:59 2 ---h--w c:\windows\sonce122730.dat 2009-05-25 14:59 . 2009-05-25 19:13 -------- d-----w c:\windows\system32\sysloc 2009-05-18 00:25 . 2009-05-18 00:25 23 --sha-w c:\windows\system32\edacded0_x.dat 2009-05-18 00:24 . 2009-05-18 00:25 -------- d-----w c:\program files\jv16 PowerTools 2009 2009-05-16 00:20 . 2009-05-16 00:20 -------- d-----w C:\nitromarketingBonus 2009-05-15 20:54 . 2009-05-16 02:14 -------- d-----w c:\windows\system32\796525 2009-05-10 23:42 . 2009-05-10 23:42 -------- d-----w c:\documents and settings\Owner\.thumbnails 2009-05-01 20:59 . 2004-08-04 19:00 4224 ----a-w c:\windows\system32\drivers\beep.sys 2009-05-01 20:58 . 2009-05-01 20:58 6407 ----a-w c:\windows\system32\krncode.dat 2009-05-01 20:58 . 2009-05-01 20:58 1575 ----a-w c:\windows\system32\pwrcode.dat 2009-05-01 20:58 . 2009-05-01 20:58 19434 ----a-w c:\windows\system32\wincode.dat 2009-05-01 20:58 . 
2008-04-14 00:12 17408 ----a-w c:\windows\system32\osysp.dat 2009-05-01 20:58 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\osysk.dat 2009-05-01 20:58 . 2009-02-20 08:10 666112 ----a-w c:\windows\system32\osysw.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-26 23:58 . 2009-01-12 02:56 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-05-26 18:08 . 2007-03-09 02:39 -------- d-----w c:\program files\BrainBullet 2009-05-26 18:05 . 2009-01-12 02:56 2872 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-26 18:05 . 2009-01-12 02:56 524320 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-05-26 18:05 . 2009-01-12 02:56 2354720 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-26 18:05 . 2009-01-12 02:56 19476 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-20 23:45 . 2009-01-12 02:58 105395 ----a-w c:\windows\system32\drivers\klin.dat 2009-05-20 23:45 . 2009-01-12 02:58 94643 ----a-w c:\windows\system32\drivers\klick.dat 2009-05-11 20:50 . 2005-11-26 23:24 -------- d-----w c:\program files\Lx_cats 2009-04-18 22:12 . 2008-11-15 17:42 -------- d-----w c:\program files\Finding Notes Easy 2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll 2009-05-02 15:59 . 2007-04-22 20:56 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-05-02 15:59 . 2007-04-22 20:56 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-05-02 15:59 . 2007-04-22 20:56 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-05-02 15:59 . 2007-04-22 20:56 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-05-02 15:59 . 2007-04-22 20:56 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot@2009-05-25_18.06.58 ))))))))))))))))))))))))))))))))))))))))) . + 2000-07-15 04:00 . 
2000-07-15 04:00 101888 c:\windows\system32\VB6STKIT.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-24 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-24 118784] "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632] "lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 200704] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-08 98304] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-15 185896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328] "lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-06 206088] "ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464] c:\documents 
and settings\All Users\Start Menu\Programs\Startup\ BBStartup.lnk.lnk - c:\program files\BrainBullet\BBStartup.exe [2007-3-8 403968] BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-10-8 1742384] Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2005-10-8 729088] MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2007-9-2 323584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL ACS"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\lxcgcoms.exe"= "c:\\WINDOWS\\system32\\lxdxcoms.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxamon.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"= "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"= "c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"= "c:\\WINDOWS\\system32\\lxdxcfg.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [9/2/2007 11:42 AM 137344] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] 
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [9/2/2007 11:42 AM 12032] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592] --- Other Services/Drivers In Memory --- *NewlyCreated* - AUJASNKJ *Deregistered* - aujasnkj . Contents of the 'Scheduled Tasks' folder 2005-11-23 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] 2005-11-23 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] . - - - - ORPHANS REMOVED - - - - BHO-{437A43D5-E5C3-4959-BBD0-F2BFB1EDC6FD} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.kaspersky.com/ mStart Page = hxxp://www.gatewaybiz.com uInternet Settings,ProxyServer = http=localhost:7171 uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7m7oly42.default\ FF - prefs.js: browser.search.selectedEngine - Crawler Search FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-26 20:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1320) c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL - - - - - - - > 'explorer.exe'(3080) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-05-27 20:59 ComboFix-quarantined-files.txt 2009-05-27 00:59 ComboFix2.txt 2009-05-25 18:12 Pre-Run: 38,504,546,304 bytes free Post-Run: 38,492,053,504 bytes free 171 --- E O F --- 2009-05-14 00:16
  13. Here you go and thanks for the fast reply! attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-05-14.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 11/22/2005 8:32:24 PM System Uptime: 5/26/2009 1:40:44 AM (5 hours ago) Motherboard: Gateway | | Processor: Intel® Celeron® M processor 1.40GHz | uFCPGA2 | 1389/400mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 49 GiB total, 35.884 GiB free. D: is FIXED (FAT32) - 7 GiB total, 4.752 GiB free. E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP376: 2/27/2009 9:07:03 PM - System Checkpoint RP377: 3/3/2009 7:30:24 PM - System Checkpoint RP378: 3/5/2009 9:13:04 PM - System Checkpoint RP379: 3/12/2009 9:04:18 PM - Software Distribution Service 3.0 RP380: 3/13/2009 8:59:24 PM - Software Distribution Service 3.0 RP381: 3/15/2009 1:00:30 PM - Software Distribution Service 3.0 RP382: 3/18/2009 8:57:20 PM - System Checkpoint RP383: 3/20/2009 5:55:22 PM - Software Distribution Service 3.0 RP384: 3/23/2009 4:13:59 PM - System Checkpoint RP385: 3/29/2009 9:19:33 PM - System Checkpoint RP386: 3/31/2009 8:37:12 PM - System Checkpoint RP387: 4/3/2009 9:33:21 PM - System Checkpoint RP388: 4/4/2009 10:29:14 PM - System Checkpoint RP389: 4/8/2009 6:11:42 PM - System Checkpoint RP390: 4/9/2009 8:30:46 PM - System Checkpoint RP391: 4/10/2009 10:40:00 PM - System Checkpoint RP392: 4/13/2009 6:05:19 PM - System Checkpoint RP393: 4/14/2009 10:08:04 PM - System Checkpoint RP394: 4/16/2009 8:12:42 PM - Software Distribution Service 3.0 RP395: 4/17/2009 12:54:53 PM - Software Distribution Service 3.0 RP396: 4/18/2009 4:58:16 PM - System Checkpoint RP397: 4/20/2009 5:52:07 PM - System Checkpoint RP398: 4/23/2009 9:56:33 PM - System Checkpoint RP399: 4/25/2009 9:31:46 PM - System Checkpoint RP400: 4/27/2009 2:19:44 PM - System Checkpoint RP401: 4/29/2009 
7:24:43 PM - System Checkpoint RP402: 5/25/2009 8:49:41 PM - System Checkpoint ==== Installed Programs ====================== ABBYY FineReader 6.0 Sprint Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe
  14. Hey all, I've been working with Kaspersky support in an effort to remove a rootkit virus. After following their instructions, they suggested I run your program and upload my log file. Can someone check it out and point me in the right direction? I still have several trojans on my PC. Thanks in advance, vmi1816 mbam_log_2009_05_25__19_57_08_.txt