Here are my logs! Thanks for any speedy help!!
Logfile of HijackThis v1.99.1
Scan saved at 10:03:41 AM, on 5/15/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.MAR\LOCALS~1\Temp\Rar$EX00.607\HijackThis.exe
C:\Program Files\Yahoo!\Antivirus\autodown.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CC409ED-2208-4AD4-8B7E-0359C03CE217} - \
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {145265AC-5654-4E80-B89E-7058808AAAA9} - \
O2 - BHO: (no name) - {201DAA0E-E027-42E1-A783-9233663576B8} - \
O2 - BHO: (no name) - {22A24855-CF41-42CE-B577-04189C3F9225} - \
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - C:\WINDOWS\System32\mac1.dll (file missing)
O2 - BHO: (no name) - {3643E2B5-CD62-4B0D-A034-B291FCB19F65} - \
O2 - BHO: (no name) - {41B108BD-FCA5-47AE-AB6D-01C7744C71EB} - \
O2 - BHO: (no name) - {4904B498-765B-487B-B23B-7B922CF49FE3} - \
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {586a52ad-956c-47aa-92de-d4b56af818c6} - C:\WINDOWS\system32\mscatl.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5D6412BF-5037-444B-A808-587D72AE7689} - \
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {73E03E43-2F35-4CD2-BFB7-CF0F10D269C2} - \
O2 - BHO: (no name) - {7F69E35F-2687-4B05-B3F6-62B16FFD2A5A} - \
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {8A37E44C-A896-42F4-A0A4-8C3FDDB34EC6} - \
O2 - BHO: (no name) - {8CFD3A9B-5A76-43C6-92DA-D6E377A15961} - \
O2 - BHO: (no name) - {95083BBE-0989-499A-8313-FF2A6C36AF31} - \
O2 - BHO: 0 - {9FC0EFDE-26BA-4D13-4DB7-1D98B906BD5D} - C:\Program Files\NetMeeting\laduqad843.dll (file missing)
O2 - BHO: (no name) - {A890D5A6-A371-402F-A195-4908235C4466} - \
O2 - BHO: (no name) - {ADD1F709-D4BC-4B48-9711-AC0B81842A86} - \
O2 - BHO: (no name) - {AF1AD9D3-4E23-4C1B-AE15-67A7F74B681D} - \
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CC6A2A6E-BB93-4613-8E7F-13184DBD0CA5} - \
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {DB5D53E1-610A-471C-B80B-CACCBAA57DBA} - \
O2 - BHO: (no name) - {E34E9BA0-D1DA-409B-A542-4E2BC90C53A4} - \
O2 - BHO: (no name) - {E69B5DA8-706B-40FB-9CBE-E4181F7F7BF5} - \
O2 - BHO: (no name) - {EBA5C41B-0065-4D0C-88FB-4E4FBA91501B} - \
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\System32\msnhlp32.dll (file missing)
O2 - BHO: (no name) - {F2677CDC-6C92-4245-BE33-5A770EAA12EF} - \
O2 - BHO: (no name) - {F375A30E-1C09-47C0-A94E-8FDF1FE80B8E} - \
O2 - BHO: (no name) - {F8ECA2AA-190B-4A33-A4C9-C3E7BB3FBD17} - \
O2 - BHO: (no name) - {F9886415-C3E4-4AFB-BE41-5F7845DD9139} - \
O2 - BHO: (no name) - {FA05B03E-712A-4AD6-B611-B0C6A35D4954} - \
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/17d01600...p/RdxIE601.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\iegzqgz.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mscatl - mscatl.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe" "C:\Program Files\NewDotNet\nncore.dll" ServiceStart (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
------------------------------------------------------------------------
SmitFraudFix v2.181
Scan done at 11:10:04.38, Mon 05/14/2007
Run from C:\Documents and Settings\Owner.MARK-S4789FOFPT\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\susp.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner.MARK-S4789FOFPT
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner.MARK-S4789FOFPT\Application Data
C:\Documents and Settings\Owner.MARK-S4789FOFPT\Application Data\Install.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OWNER~1.MAR\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\NetMeeting\\promyfsywu.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\iegzqgz.dll "
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 66.196.212.10
DNS Server Search Order: 216.201.128.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{39EEBA3C-2F84-403F-8620-3BA8CC906934}: DhcpNameServer=66.196.212.10 216.201.128.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39EEBA3C-2F84-403F-8620-3BA8CC906934}: DhcpNameServer=66.196.212.10 216.201.128.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{39EEBA3C-2F84-403F-8620-3BA8CC906934}: DhcpNameServer=66.196.212.10 216.201.128.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.196.212.10 216.201.128.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.196.212.10 216.201.128.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=66.196.212.10 216.201.128.10
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
------------------------------------------------------------------------
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Owner.MARK-S4789FOFPT\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))
2007-05-15 09:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-14 11:10 2,742 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-05-14 11:09 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-05-14 11:09 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-05-14 11:09 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-05-09 07:31 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2007-05-09 00:23 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-08 23:50 <DIR> d-------- C:\Program Files\msn gaming zone
2007-05-08 23:42 90,624 --a------ C:\WINDOWS\SYSTEM32\msoert2.dll
2007-05-08 23:42 9,728 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2007-05-08 23:42 73,728 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2007-05-08 23:42 70,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
2007-05-08 23:42 65,536 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2007-05-08 23:42 61,952 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2007-05-08 23:42 32,384 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2007-05-08 23:42 249,856 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2007-05-08 23:42 24,576 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2007-05-08 23:42 228,864 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2007-05-08 23:42 218,112 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2007-05-08 23:42 158,720 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2007-05-08 23:42 155,136 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2007-05-08 23:38 88,576 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2007-05-08 23:38 8,704 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2007-05-08 23:38 73,864 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2007-05-08 23:38 57,344 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2007-05-08 23:38 56,320 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2007-05-08 23:38 503,296 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2007-05-08 23:38 41,984 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2007-05-08 23:38 40,448 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2007-05-08 23:38 4,096 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2007-05-08 23:38 385,536 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2007-05-08 23:38 32,768 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2007-05-08 23:38 197,632 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2007-05-08 23:38 181,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2007-05-08 23:38 14,848 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2007-05-08 23:38 134,656 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2007-05-08 23:38 130,048 --a------ C:\WINDOWS\SYSTEM32\sessmgr.exe
2007-05-08 23:38 12,288 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2007-05-08 23:38 113,944 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-05-08 23:38 107,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys
2007-05-08 23:38 1,081,112 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-05-08 23:37 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2007-05-08 23:35 55,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2007-05-08 23:35 24,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2007-05-08 23:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ReinstallBackups
2007-05-08 23:33 37,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2007-05-08 23:24 70,656 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2007-05-08 23:24 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2007-05-08 23:24 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2007-05-08 23:01 <DIR> d-------- C:\$WIN_NT$.~BT
2007-04-29 15:38 <DIR> d-------- C:\Program Files\Dealio
2007-04-24 20:31 3,481,600 --a------ C:\DOCUME~1\OWNER~1.MAR\ntuser.dat
2007-04-21 13:49 <DIR> d-------- C:\HiJackthis
2007-04-17 19:46 18,432 --a------ C:\WINDOWS\sysrlb32.exe
2007-04-17 19:32 1 --a------ C:\WINDOWS\SYSTEM32\ps.dat
2007-04-17 19:32 1 --a------ C:\WINDOWS\SYSTEM32\cookie.dat
2007-04-17 19:29 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-04-17 19:28 482 --a------ C:\WINDOWS\SYSTEM32\wincrc32ie.dll
2007-04-17 19:28 28,928 --a------ C:\WINDOWS\SYSTEM32\vxddsk.exe
2007-04-17 19:28 22,272 --a------ C:\WINDOWS\SYSTEM32\Biprep.exe
2007-04-17 19:28 21,760 --a------ C:\WINDOWS\7search.dll
2007-04-17 19:28 21,248 --a------ C:\WINDOWS\swin32.dll
2007-04-17 19:28 21,248 --a------ C:\WINDOWS\flt.dll
2007-04-17 19:28 19,200 --a------ C:\WINDOWS\SYSTEM32\satmat.exe
2007-04-17 19:28 18,688 --a------ C:\WINDOWS\cdsm32.dll
2007-04-17 19:28 15,616 --a------ C:\WINDOWS\SYSTEM32\wml.exe
2007-04-17 19:28 15,616 --a------ C:\WINDOWS\pbar.dll
2007-04-17 19:28 12,032 --a------ C:\WINDOWS\SYSTEM32\SUSP.exe
2007-04-17 19:28 12 --a------ C:\WINDOWS\SYSTEM32\sl.bin
2007-04-17 19:27 32,512 --a------ C:\WINDOWS\saiemod.dll
2007-04-17 19:27 31,744 --a------ C:\WINDOWS\SYSTEM32\MSIXU.DLL
2007-04-17 19:27 28,672 --a------ C:\WINDOWS\SYSTEM32\salm.exe
2007-04-17 19:27 22,272 --a------ C:\WINDOWS\mspphe.dll
2007-04-17 19:27 21,504 --a------ C:\WINDOWS\bjam.dll
2007-04-17 19:27 17,408 --a------ C:\WINDOWS\SYSTEM32\WER8274.DLL
2007-04-17 19:27 16,128 --a------ C:\WINDOWS\SYSTEM32\180ax.exe
2007-04-17 19:27 12,544 --a------ C:\WINDOWS\SYSTEM32\updatetc.exe
2007-04-17 19:27 12 --a------ C:\WINDOWS\SYSTEM32\gtv_sd.bin
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))
2007-05-14 16:13:43 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-14 14:55:00 630,464 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-05-14 14:55:00 108,656 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-05-14 14:44:26 -------- d-----w C:\Program Files\Yahoo!
2007-05-11 00:01:54 -------- d-----w C:\Program Files\Fellowes
2007-05-09 04:42:47 -------- d-----w C:\Program Files\Movie Maker
2007-05-09 04:39:55 22,744 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-09 04:22:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-09 03:43:17 -------- d-----w C:\Program Files\eMule
2007-05-09 03:30:16 -------- d-----w C:\Program Files\Online Services
2007-05-09 03:28:55 -------- d-----w C:\Program Files\Windows NT
2007-04-13 23:02:43 -------- d-----w C:\DOCUME~1\OWNER~1.MAR\APPLIC~1\Plan Upload Win
2007-04-13 12:59:45 85,960 ----a-w C:\WINDOWS\itpb_7.exe
2007-04-12 23:41:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-12 23:32:04 -------- d-----w C:\Program Files\BitDownload
2007-04-12 23:29:46 53,248 ----a-w C:\WINDOWS\system32\silc_dll.dll
2007-04-12 04:13:19 931 ----a-w C:\WINDOWS\system32\winpfz32.sys
2007-04-06 19:27:01 139,264 ----a-w C:\TTC.dll
2007-02-06 04:38:15 1,127 ----a-w C:\WINDOWS\checkip.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 21:40]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 22:38]
{0CC409ED-2208-4AD4-8B7E-0359C03CE217}=\ [2007-05-15 09:57]
{145265AC-5654-4E80-B89E-7058808AAAA9}=\ [2007-05-15 09:57]
{201DAA0E-E027-42E1-A783-9233663576B8}=\ [2007-05-15 09:57]
{22A24855-CF41-42CE-B577-04189C3F9225}=\ [2007-05-15 09:57]
{33161E98-0A6C-4d3c-BD62-3A7D56137F52}=C:\WINDOWS\System32\mac1.dll []
{3643E2B5-CD62-4B0D-A034-B291FCB19F65}=\ [2007-05-15 09:57]
{41B108BD-FCA5-47AE-AB6D-01C7744C71EB}=\ [2007-05-15 09:57]
{4904B498-765B-487B-B23B-7B922CF49FE3}=\ [2007-05-15 09:57]
{586a52ad-956c-47aa-92de-d4b56af818c6}=C:\WINDOWS\system32\mscatl.dll []
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 03:04]
{5D6412BF-5037-444B-A808-587D72AE7689}=\ [2007-05-15 09:57]
{73E03E43-2F35-4CD2-BFB7-CF0F10D269C2}=\ [2007-05-15 09:57]
{7F69E35F-2687-4B05-B3F6-62B16FFD2A5A}=\ [2007-05-15 09:57]
{8A37E44C-A896-42F4-A0A4-8C3FDDB34EC6}=\ [2007-05-15 09:57]
{8CFD3A9B-5A76-43C6-92DA-D6E377A15961}=\ [2007-05-15 09:57]
{95083BBE-0989-499A-8313-FF2A6C36AF31}=\ [2007-05-15 09:57]
{9FC0EFDE-26BA-4D13-4DB7-1D98B906BD5D}=C:\Program Files\NetMeeting\laduqad843.dll []
{A890D5A6-A371-402F-A195-4908235C4466}=\ [2007-05-15 09:57]
{ADD1F709-D4BC-4B48-9711-AC0B81842A86}=\ [2007-05-15 09:57]
{AF1AD9D3-4E23-4C1B-AE15-67A7F74B681D}=\ [2007-05-15 09:57]
{CC6A2A6E-BB93-4613-8E7F-13184DBD0CA5}=\ [2007-05-15 09:57]
{DB5D53E1-610A-471C-B80B-CACCBAA57DBA}=\ [2007-05-15 09:57]
{E34E9BA0-D1DA-409B-A542-4E2BC90C53A4}=\ [2007-05-15 09:57]
{E69B5DA8-706B-40FB-9CBE-E4181F7F7BF5}=\ [2007-05-15 09:57]
{EBA5C41B-0065-4D0C-88FB-4E4FBA91501B}=\ [2007-05-15 09:57]
{EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89}=C:\WINDOWS\System32\msnhlp32.dll []
{F2677CDC-6C92-4245-BE33-5A770EAA12EF}=\ [2007-05-15 09:57]
{F375A30E-1C09-47C0-A94E-8FDF1FE80B8E}=\ [2007-05-15 09:57]
{F8ECA2AA-190B-4A33-A4C9-C3E7BB3FBD17}=\ [2007-05-15 09:57]
{F9886415-C3E4-4AFB-BE41-5F7845DD9139}=\ [2007-05-15 09:57]
{FA05B03E-712A-4AD6-B611-B0C6A35D4954}=\ [2007-05-15 09:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"IPInSightMonitor 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"BCMSMMSG"="BCMSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 18:21]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 18:15]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-01-24 10:17]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-24 10:05]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 23:26]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 03:52]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 06:52]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2005-06-16 21:43]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2005-06-16 21:43]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-04-22 21:49]
"BCMSMMSG"="BCMSMMSG.exe" [])
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-16 20:08]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\NetMeeting\promyfsywu.html
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mscatl
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\System32\iegzqgz.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^sbc self support tool.lnk
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightlan 02
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozru
C:\Program Files\Common Files\ozru\ozrum.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows registry repair pro
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybrowser
C:\Program Files\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
************************************************** ******************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-15 10:01:07
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
************************************************** ******************
Completion time: 2007-05-15 10:01:43
C:\ComboFix-quarantined-files.txt ... 2007-05-15 10:01
C:\ComboFix2.txt ... 2007-05-15 09:53