My comments are in red. Ok I did what you said step by step. Here are the mslook results:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LSA Shellu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsass"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\Drew\\lsass.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002
And next is the ComboFix log, this one is pretty lengthy: (Oh and I noticed it said I didn't have the recovery console installed, I thought the system restore point it created was the same thing. I guess I got lucky)
ComboFix 08-06-20.4 - Drew 2008-06-29 19:24:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576 [GMT -4:00]
Running from: C:\Documents and Settings\Drew\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Drew\Application Data\macromedia\Flash Player\#SharedObjects\GX2KQHFD\www.broadcaster.com
C:\Documents and Settings\Drew\Application Data\macromedia\Flash Player\#SharedObjects\GX2KQHFD\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Drew\Application Data\macromedia\Flash Player\#SharedObjects\GX2KQHFD\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Drew\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Drew\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\BMeb7c77fd.xml
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\f10
C:\WINDOWS\system32\f10\kscomdll3.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\lRruwyxx.ini
C:\WINDOWS\system32\lRruwyxx.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\poypcixp.ini
C:\WINDOWS\system32\pyyjamcb.ini
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\tcntaxdm.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xxywurRl.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 19:46 . 2008-06-29 19:46 95,232 --a------ C:\WINDOWS\system32\rsjcsush.dll
2008-06-29 19:44 . 2008-06-29 19:47 646,916 --ahs---- C:\WINDOWS\system32\xxxacccf.ini2
2008-06-29 19:44 . 2008-06-29 19:47 646,916 --ahs---- C:\WINDOWS\system32\xxxacccf.ini
2008-06-29 19:44 . 2008-06-29 19:46 0 --a------ C:\WINDOWS\BMeb7c77fd.xml
2008-06-29 19:43 . 2008-06-29 19:43 284,672 --a------ C:\WINDOWS\system32\fcccaxxx.dll
2008-06-29 18:04 . 2008-06-29 18:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 15:25 . 2008-06-29 15:25 87,040 --------- C:\WINDOWS\system32\bcmajyyp.dll
2008-06-29 15:22 . 2008-06-29 15:22 104,448 --a------ C:\WINDOWS\system32\lajhng.dll
2008-06-29 15:22 . 2008-06-29 15:22 104,448 --a------ C:\WINDOWS\system32\cantbbeo.dll
2008-06-29 15:20 . 2008-06-29 15:20 95,232 --a------ C:\WINDOWS\system32\vbkxbayu.dll
2008-06-28 11:14 . 2008-06-28 11:14 104,960 --a------ C:\WINDOWS\system32\zdpyya.dll
2008-06-28 11:14 . 2008-06-28 11:14 104,960 --a------ C:\WINDOWS\system32\qjpnfwsl.dll
2008-06-28 11:11 . 2008-06-28 11:11 94,208 --a------ C:\WINDOWS\system32\ltvscmod.dll
2008-06-28 10:38 . 2008-06-28 10:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 10:38 . 2008-06-28 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 10:30 . 2008-06-28 10:30 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-27 17:04 . 2008-06-27 17:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-27 17:04 . 2008-06-27 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 17:03 . 2008-06-27 17:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 16:49 . 2008-06-27 16:49 294 --ahs---- C:\WINDOWS\system32\mvuluotf.ini
2008-06-27 16:48 . 2008-06-27 16:48 87,040 --a------ C:\WINDOWS\system32\ftouluvm.dll
2008-06-27 16:42 . 2008-06-27 16:42 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-27 16:39 . 2008-06-27 23:40 <DIR> d--hs---- C:\WINDOWS\ZHJldyBzcG9lbHN0cmE
2008-06-27 16:38 . 2008-06-27 16:38 <DIR> d-------- C:\WINDOWS\system32\xsir
2008-06-27 16:38 . 2008-06-27 23:40 <DIR> d-------- C:\WINDOWS\system32\vec3
2008-06-27 16:38 . 2008-06-27 16:38 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-06-27 16:38 . 2008-06-27 23:40 <DIR> d-------- C:\WINDOWS\system32\bam
2008-06-27 16:38 . 2008-06-27 16:38 <DIR> d-------- C:\Temp\syschk3
2008-06-27 16:38 . 2008-06-29 19:27 <DIR> d-------- C:\Temp
2008-06-27 16:38 . 2008-06-27 16:38 52,224 ---hs---- C:\Documents and Settings\Drew\lsass.exe
2008-06-27 16:38 . 2008-06-27 16:38 41,984 --a------ C:\WINDOWS\mrofinu1188.exe
2008-06-27 16:38 . 2008-06-27 16:38 41,984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-06-27 16:38 . 2008-06-27 16:38 34,304 --a------ C:\WINDOWS\system32\nnnlkjKD.dll
2008-06-26 19:21 . 2008-06-26 19:21 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-26 19:19 . 2008-06-26 19:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-26 19:18 . 2008-06-26 19:18 <DIR> d-------- C:\Documents and Settings\Drew\Application Data\DAEMON Tools
2008-06-25 20:22 . 2008-06-26 09:49 <DIR> d-------- C:\Documents and Settings\Drew\Application Data\SPORE Creature Creator
2008-06-19 23:40 . 2008-06-19 23:40 90,073 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-18 22:17 . 2008-06-18 22:28 <DIR> d-------- C:\Program Files\RegCleaner
2008-06-11 10:09 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:09 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 10:26 . 2008-06-10 10:27 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-10 10:26 . 2008-06-10 10:26 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-10 10:25 . 2008-06-10 10:25 <DIR> d--h----- C:\Documents and Settings\Drew\InstallAnywhere
2008-06-09 17:56 . 2008-06-09 18:59 <DIR> d-------- C:\Program Files\The Dark Legions
2008-06-09 17:56 . 2008-06-09 17:56 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-07 18:50 . 2008-06-07 19:38 <DIR> d-------- C:\Program Files\TripleA
2008-06-05 17:53 . 2008-06-17 20:28 341 --a------ C:\WINDOWS\system32\(null)id.tmp
2008-06-02 19:36 . 2008-06-07 22:11 <DIR> d-------- C:\Program Files\Macromedia
2008-06-02 19:36 . 2008-06-07 22:12 <DIR> d-------- C:\Program Files\Common Files\Macromedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 21:06 --------- d-----w C:\Documents and Settings\Drew\Application Data\LimeWire
2008-06-27 20:52 --------- d-----w C:\Program Files\Image-Line
2008-06-27 20:43 --------- d-----w C:\Program Files\LimeWire
2008-06-26 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 00:18 --------- d-----w C:\Program Files\Electronic Arts
2008-06-04 13:45 --------- d-----w C:\Program Files\Hp
2008-05-29 17:07 --------- d-----w C:\Documents and Settings\Drew\Application Data\U3
2008-05-24 01:39 --------- d-----w C:\Program Files\AIM6
2008-05-24 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-23 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-23 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-22 14:30 --------- d--h--w C:\Documents and Settings\Drew\Application Data\Move Networks
2008-05-21 22:56 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-05-21 22:54 --------- d-----w C:\Program Files\VstPlugins
2008-05-21 22:53 --------- d-----w C:\Program Files\Outsim
2008-05-21 21:54 --------- d-----w C:\Program Files\Telltale Games
2008-05-19 17:21 48,456 ----a-w C:\WINDOWS\system32\UninstallElectricSheep.exe
2008-05-19 14:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-18 22:12 6,086 ----a-w C:\Program Files\install.log
2008-05-18 22:12 --------- d-----w C:\Program Files\GameSpot
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:24 --------- d-----w C:\Program Files\Google
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 12:36 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 05:32 --------- d-----w C:\Program Files\iTunes
2008-05-05 05:32 --------- d-----w C:\Program Files\iPod
2008-05-05 05:30 --------- d-----w C:\Program Files\QuickTime
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-03 03:30 50,016 ----a-w C:\Documents and Settings\Drew\Application Data\GDIPFONTCACHEV1.DAT
2007-06-10 06:05 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-04-20 02:24 376,832 --sha-w C:\WINDOWS\system32\activexdebugger32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{068464C9-320D-46F6-847C-1D22699628C7}]
2008-06-29 19:43 284672 --a------ C:\WINDOWS\system32\fcccaxxx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21C133FE-18C9-4EC5-B2F9-597E2BAB2F71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{566e806c-153c-4104-b7c9-5eff3465e2e8}]
2008-06-29 19:50 104448 --a------ C:\WINDOWS\system32\tkbrlz.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}]
2008-06-27 16:38 34304 --a------ C:\WINDOWS\system32\nnnlkjKD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 21:51 57344]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 08:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 08:11 692316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-09 00:05 339968]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-22 15:18 229438]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 21:50 40960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:00 158208]
"BMeb7c77fd"="C:\WINDOWS\system32\vbkxbayu.dll" [2008-06-29 15:20 95232]
"e84f4461"="C:\WINDOWS\system32\cqejyryj.dll" [2008-06-29 19:47 87040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}"= C:\WINDOWS\system32\nnnlkjKD.dll [2008-06-27 16:38 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkjKD]
nnnlkjKD.dll 2008-06-27 16:38 34304 C:\WINDOWS\system32\nnnlkjKD.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fcccaxxx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
---hs---- 2008-06-27 16:38 52224 C:\Documents and Settings\Drew\lsass.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 18:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1156437538\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1156437538\\ee\\aim6.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
R1 SSHDRV64;SSHDRV64;C:\WINDOWS\system32\drivers\SSHDRV64.sys [2007-09-24 21:34]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S1 atmunii;atmunii;C:\WINDOWS\system32\drivers\atmunii.sys []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Drew\LOCALS~1\Temp\asbp2poa.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31080c81-0815-11dc-b193-00c09f8e8958}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31080c82-0815-11dc-b193-00c09f8e8958}]
\Shell\Auto\command - F:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - F:\activexdebugger32.exe f
\Shell\open\Command - F:\activexdebugger32.exe f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b569194e-6744-11db-b161-00c09f8e8958}]
\Shell\Auto\command - E:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - E:\activexdebugger32.exe f
\Shell\open\Command - E:\activexdebugger32.exe f
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 12:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-06 04:19:20 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-29 19:46:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????H<C? ??????
scanning hidden files ...
C:\WINDOWS\msconfd.dll 32256 bytes
C:\WINDOWS\msspi.dll 8704 bytes
C:\WINDOWS\mssys.exe 13312 bytes
C:\WINDOWS\msupdate.exe 25088 bytes
C:\WINDOWS\mswsc10.dll 22016 bytes
C:\WINDOWS\mswsc20.dll 32256 bytes
C:\WINDOWS\mtwirl32.dll 8704 bytes
C:\WINDOWS\notepad32.exe 19200 bytes
C:\WINDOWS\olehelp.exe 30464 bytes
C:\WINDOWS\x.exe 32000 bytes
C:\WINDOWS\xplugin.dll 8704 bytes
C:\WINDOWS\xxxvideo.hta 30208 bytes
C:\WINDOWS\y.exe 21504 bytes
C:\WINDOWS\loader.exe 13312 bytes
C:\WINDOWS\gfmnaaa.dll 25344 bytes
C:\WINDOWS\helpcvs.exe 16640 bytes
C:\WINDOWS\iedll.exe 32512 bytes
C:\WINDOWS\iexplorer.exe 22784 bytes
C:\WINDOWS\default.htm 2022 bytes
C:\WINDOWS\system32\cqejyryj.dll 87040 bytes executable
C:\WINDOWS\system32\jyryjeqc.ini 1733280 bytes
scan completed successfully
hidden files: 21
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnlkjKD.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\cqejyryj.dll
-> C:\WINDOWS\system32\rsjcsush.dll
-> C:\WINDOWS\system32\fcccaxxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\activexdebugger32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-06-29 19:54:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 23:53:51
Pre-Run: 32,228,409,344 bytes free
Post-Run: 32,179,609,600 bytes free
352 --- E O F --- 2008-06-20 04:29:51
AND then after I rebooted I ran HijackThis (as dspools.exe.exe) one more time and received this log (A note about this: I noticed the BHOs are back despite deleting them like you requested pre-ComboFix):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\dspools.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {21C133FE-18C9-4EC5-B2F9-597E2BAB2F71} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: {8e2e5643-ffe5-9c7b-4014-c351c608e665} - {566e806c-153c-4104-b7c9-5eff3465e2e8} - C:\WINDOWS\system32\tkbrlz.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {953A34BB-0138-49F6-BB2C-5E5C652D9D28} - C:\WINDOWS\system32\fcccaxxx.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {BA2A2046-75A4-47C0-A09C-F0DCC706D39B} - C:\WINDOWS\system32\nnnlkjKD.dll
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [e84f4461] rundll32.exe "C:\WINDOWS\system32\bcmajyyp.dll",b
O4 - HKLM\..\Run: [BMeb7c77fd] Rundll32.exe "C:\WINDOWS\system32\rsjcsush.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Drew\lsass.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - Winlogon Notify: nnnlkjKD - C:\WINDOWS\SYSTEM32\nnnlkjKD.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8585 bytes