Here's what you asked for. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:37 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\hpzstatn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hpha1mon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {71FE447B-8C39-416C-AB43-2FC70559847D} - C:\WINDOWS\system32\vtUnmkKA.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\system32\hpha1mon.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www1.gotomeeting.com/default/ap ... 2mdlax.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\hpzstatn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 5301 bytes
ComboFix 08-06-01.6 - larry 2008-06-03 9:02:15.2 - NTFSx86
Running from: C:\Documents and Settings\larry\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\barb\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\barb\Start Menu\Programs\Startup\DW_Start.lnk
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\taskkill.exe
.
---- Previous Run -------
.
C:\Documents and Settings\barb\Application Data\ShoppingReport
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\barb\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\IEToolbar
C:\Program Files\IEToolbar\Toolbar 1.0\autofill_plugin.dll
C:\Program Files\IEToolbar\Toolbar 1.0\autosearch_plugin.dll
C:\Program Files\IEToolbar\Toolbar 1.0\panicButton_plugin.dll
C:\Program Files\IEToolbar\Toolbar 1.0\stations.dll
C:\Program Files\IEToolbar\Toolbar 1.0\tbhelper.dll
C:\Program Files\IEToolbar\Toolbar 1.0\tell_a_friend.dll
C:\Program Files\IEToolbar\Toolbar 1.0\toolbar1.0.dll
C:\Program Files\network monitor
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\BM2b8193ae.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\QmFyYmFyYQ\
C:\WINDOWS\QmFyYmFyYQ\\asappsrv.dll
C:\WINDOWS\QmFyYmFyYQ\\command.exe
C:\WINDOWS\QmFyYmFyYQ\command.exe
C:\WINDOWS\system32\aaieyvag.dll
C:\WINDOWS\system32\ajakvygt.dll
C:\WINDOWS\system32\AKkmnUtv.ini
C:\WINDOWS\system32\AKkmnUtv.ini2
C:\WINDOWS\system32\bdqcpgji.dll
C:\WINDOWS\system32\berxnrsr.ini
C:\WINDOWS\system32\berxnrsr.ini2
C:\WINDOWS\system32\bgqinicw.ini
C:\WINDOWS\system32\cjjfbdep.dll
C:\WINDOWS\system32\dJkkkUtv.ini
C:\WINDOWS\system32\dJkkkUtv.ini2
C:\WINDOWS\system32\feagfxmq.dll
C:\WINDOWS\system32\FfPoWGgh.ini
C:\WINDOWS\system32\FfPoWGgh.ini2
C:\WINDOWS\system32\ijgpcqdb.ini
C:\WINDOWS\system32\jqynpcmf.dll
C:\WINDOWS\system32\kefnbghv.dll
C:\WINDOWS\system32\ljqxytms.ini
C:\WINDOWS\system32\lxmadvgt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\oegmxdcw.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qxoeiidx.dll
C:\WINDOWS\system32\rqRHxxuT.dll
C:\WINDOWS\system32\rsrnxreb.dll
C:\WINDOWS\system32\tgyvkaja.ini
C:\WINDOWS\system32\thdqsgkt.ini
C:\WINDOWS\system32\vlgplcfq.dll
C:\WINDOWS\system32\wciniqgb.dll
C:\WINDOWS\system32\wflriqwb.dll
C:\WINDOWS\system32\xdiieoxq.ini
C:\WINDOWS\system32\yktnhxwx.ini
C:\WINDOWS\system32\ynbqxlhv.dll
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-01 02:54 . 2008-06-01 02:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-01 01:45 . 2008-06-01 01:45 <DIR> d-------- C:\Program Files\BillP Studios
2008-06-01 01:45 . 2008-06-01 01:45 <DIR> d-------- C:\Documents and Settings\larry\Application Data\WinPatrol
2008-06-01 00:58 . 2008-06-01 00:58 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-01 00:50 . 2008-06-01 00:51 <DIR> d-------- C:\c152e88caaf5453e4a16
2008-05-31 23:41 . 2008-05-31 23:47 <DIR> d-------- C:\!KillBox
2008-05-30 23:43 . 2002-08-14 08:03 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2008-05-30 23:30 . 2008-05-30 23:30 4,096 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-05-30 23:29 . 2003-11-21 07:07 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-30 23:29 . 2003-11-21 07:07 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-30 08:22 . 2008-05-30 09:41 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-05-30 08:15 . 2008-05-30 08:16 275,456 --a------ C:\WINDOWS\system32\vtUkkkJd.dll
2008-05-28 23:25 . 2008-05-28 23:25 275,456 --a------ C:\WINDOWS\system32\hgGWoPfF.dll
2008-05-28 23:21 . 2008-05-28 23:21 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-05-28 19:49 . 2008-05-28 19:49 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-05-28 16:00 . 2008-05-28 16:18 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-05-28 14:57 . 2008-05-28 14:58 401,976 --a------ C:\WINDOWS\system32\g6.exe
2008-05-28 13:58 . 2008-05-28 13:58 275,456 --a------ C:\WINDOWS\system32\vtUnmkKA.dll
2008-05-28 13:54 . 2008-05-28 13:54 200,771 --a------ C:\WINDOWS\system32\ncntokdm.exe
2008-05-28 13:54 . 2008-05-28 13:54 860 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-28 13:53 . 2008-05-31 17:57 <DIR> d-------- C:\WINDOWS\system32\vntiho05
2008-05-28 13:53 . 2008-05-31 17:57 <DIR> d-------- C:\WINDOWS\system32\rev3
2008-05-28 13:53 . 2008-05-28 13:53 <DIR> d-------- C:\WINDOWS\system32\pb2
2008-05-28 13:53 . 2008-05-31 18:13 <DIR> d-------- C:\WINDOWS\system32\acom1
2008-05-28 13:53 . 2008-05-31 17:54 <DIR> d-------- C:\WINDOWS\system32\1026c
2008-05-28 13:53 . 2008-06-02 23:21 <DIR> d-------- C:\Temp
2008-05-28 13:53 . 2008-05-28 13:58 <DIR> d--hs---- C:\Documents and Settings\larry\!
2008-05-28 13:39 . 2008-05-30 22:49 <DIR> d-------- C:\Documents and Settings\larry\Application Data\LimeWire
2008-05-28 10:53 . 2008-05-28 10:53 <DIR> d-------- C:\Program Files\Java
2008-05-21 22:57 . 2008-05-21 22:57 <DIR> d-------- C:\Program Files\Snapshot Viewer
2008-05-09 17:06 . 2008-05-09 17:09 <DIR> dr-h----- C:\Program Files\rnamfler
2008-05-09 13:02 . 2008-05-09 13:02 <DIR> d-------- C:\Program Files\Citrix
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 06:43 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-31 06:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 06:29 --------- d-----w C:\Program Files\Symantec
2008-05-04 22:49 --------- d-----w C:\Program Files\Real
2008-05-04 22:49 --------- d-----w C:\Program Files\Common Files\Real
2008-04-29 06:18 --------- d-----w C:\Program Files\Google
2008-04-22 02:43 --------- d-----w C:\Documents and Settings\barb\Application Data\SI Swimsuit Calendar
2008-04-09 07:03 --------- d-----w C:\Program Files\QuickTime
2008-04-05 06:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 06:57 49 ----a-w C:\xmp.bat
2004-08-04 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 12:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 12:00 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 12:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 12:00 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71FE447B-8C39-416C-AB43-2FC70559847D}]
2008-05-28 13:58 275456 --a------ C:\WINDOWS\system32\vtUnmkKA.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [2000-08-04 08:58 46595]
"HPHA1MON"="C:\WINDOWS\system32\hpha1mon.exe" [2000-08-04 09:02 65536]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-09 00:03 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 06:30 70816]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2004-03-17 13:23 74880]
C:\Documents and Settings\barb\Start Menu\Programs\Startup\
Reminder-hpc40415.lnk - C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe [2000-08-04 09:03:02 74755]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R2 hpzstatn;Printer Status Server;C:\WINDOWS\system32\spool\drivers\w32x86\hpzstatn.exe [2000-08-04 09:02]
S1 mnmddd;mnmddd;C:\WINDOWS\system32\drivers\mnmddd.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 06:46:12 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - larry.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-06-03 15:57:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-03 09:05:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 9:19:10
ComboFix-quarantined-files.txt 2008-06-03 16:19:05
Pre-Run: 8,017,911,808 bytes free
Post-Run: 8,011,583,488 bytes free
201 --- E O F --- 2008-05-14 12:01:00