God_Is_The_Light
new user
Reg'd: Tue
Posts: 13
Re: Spyware has infected my computer and I need help to remove it.
Wed Apr 16 2008 02:29 AM
Thank you Brian. Your help is very appreciated. Here are the ComboFix and new HijackThis logs you requested for review. Everything appears to be running as normal now, except I did get a popup on the screen for a spyware web site, and there is still a toolbar on my IE7 online browser page with the name "sgoblxtm"; it has 4 icons (remove popups/scan spyware/security test/and spam protection). I right-clicked and unchecked it in the toolbar menu. But all the other things appear to be gone. Let me know if I need to do anything else.
=====================================================
ComboFix 08-04-14.2 - William A. Hudson 2008-04-15 17:52:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.183 [GMT -7:00]
Running from: C:\Documents and Settings\William A. Hudson\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Favorites\Online Security Test.url
C:\Documents and Settings\William A. Hudson\Desktop\Error Cleaner.url
C:\Documents and Settings\William A. Hudson\Desktop\Privacy Protector.url
C:\Documents and Settings\William A. Hudson\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\William A. Hudson\Desktopblackbird.jpg
C:\Documents and Settings\William A. Hudson\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\William A. Hudson\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\William A. Hudson\Desktopfilemanagerclient.exe
C:\Documents and Settings\William A. Hudson\Desktopfkwp1.5.exe
C:\Documents and Settings\William A. Hudson\Desktopfkwp2.0.exe
C:\Documents and Settings\William A. Hudson\Desktopfwebd.exe
C:\Documents and Settings\William A. Hudson\DesktopFWebdEditor.exe
C:\Documents and Settings\William A. Hudson\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\William A. Hudson\Desktopvirii
C:\Documents and Settings\William A. Hudson\Favorites\Error Cleaner.url
C:\Documents and Settings\William A. Hudson\Favorites\Privacy Protector.url
C:\Documents and Settings\William A. Hudson\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\Delsim
C:\Program Files\Common Files\Delsim\uninstall.bat
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\laststat.dat
C:\Program Files\DefenderPro AntiSpy\AntiSpy\Def\CnsMin.dsc
C:\Program Files\DefenderPro AntiSpy\AntiSpy\Def\CnsMin.prf
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\video access activex object
C:\Program Files\video access activex object\ot.ico
C:\Program Files\video access activex object\ts.ico
C:\Program Files\video access activex object\uninst.exe
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\efcDUmjj.dll
C:\WINDOWS\system32\hhbtlmht.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnlmJAR.dll
C:\WINDOWS\system32\RAJmlnnn.ini
C:\WINDOWS\system32\RAJmlnnn.ini2
C:\WINDOWS\system32\ssqPigGw.dll
C:\WINDOWS\system32\thmltbhh.ini
C:\WINDOWS\system32\xbuapxmv.ini
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winhelp.ini
C:\WINDOWS\winsystem.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-15 10:38 . 2008-04-15 10:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-15 09:42 . 2008-04-15 09:43 2,855 --a--c--- C:\Documents and Settings\William A. Hudson\DesktopTrojan.Win32.BlackBird.PIF
2008-04-15 09:38 . 2008-04-15 09:38 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-15 02:46 . 2008-04-15 02:46 3,648 --a--c--- C:\WINDOWS\system32\rsmjacyj.dll
2008-04-14 16:11 . 2008-04-14 16:13 <DIR> d-------- C:\Program Files\Defender Pro
2008-04-14 12:59 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk8
2008-04-14 04:12 . 2008-04-15 13:13 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\TmpRecentIcons
2008-04-14 03:47 . 2008-04-14 03:47 37 --a------ C:\WINDOWS\omniASsdk.dat
2008-04-14 03:46 . 2008-04-14 03:46 <DIR> d-------- C:\WINDOWS\AntiSpy
2008-04-14 03:13 . 2008-04-14 23:59 <DIR> d-------- C:\Program Files\DefenderPro AntiSpy
2008-04-14 03:13 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk7
2008-04-14 03:08 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk6
2008-04-14 03:04 . 1998-06-16 16:45 77,878 --a------ C:\WINDOWS\system32\msvcirt.dll.bk5
2008-04-14 02:57 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk4
2008-04-14 02:54 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk3
2008-04-14 02:53 . 1998-06-16 16:45 77,878 --a------ C:\WINDOWS\system32\msvcirt.dll.bk2
2008-04-14 02:44 . 2008-04-14 02:44 3,648 --a--c--- C:\WINDOWS\system32\rjyltlvp.dll
2008-04-14 02:37 . 2008-04-14 02:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad
2008-04-14 02:37 . 2008-04-13 23:39 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-14 02:37 . 2008-04-13 23:39 212,992 --a------ C:\WINDOWS\nslbvxpgtkn.dll
2008-04-14 02:37 . 2008-04-13 23:39 172,032 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-14 02:37 . 2008-04-13 23:39 151,552 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-14 02:37 . 2008-04-14 02:37 106,496 --a------ C:\WINDOWS\system32\sloxafkp.exe
2008-04-14 02:37 . 2008-04-13 23:39 81,920 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-14 02:21 . 2008-04-14 03:03 <DIR> d-------- C:\Program Files\ImageConverter Plus
2008-04-13 21:30 . 2008-04-14 01:46 <DIR> d----c--- C:\VideoFiles
2008-04-13 21:18 . 2008-04-13 21:18 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-13 21:18 . 2002-05-23 20:40 110,080 --a------ C:\WINDOWS\system32\nLame.dll
2008-04-13 21:18 . 2001-06-23 21:20 23,040 --a------ C:\WINDOWS\system32\auth.dll
2008-04-13 21:12 . 2008-04-14 06:49 <DIR> d----c--- C:\DVDMovie
2008-04-13 21:06 . 2008-04-13 21:21 67 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-04-13 21:05 . 2008-04-13 21:05 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-04-13 21:05 . 2008-04-13 21:05 3,082 --a------ C:\WINDOWS\system32\affv9553p6now.sys
2008-04-13 20:51 . 2008-04-13 20:51 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\dvdcss
2008-04-13 20:49 . 2008-04-13 20:49 <DIR> d-------- C:\Program Files\ImTOO
2008-04-13 20:28 . 2008-04-13 20:28 <DIR> d----c--- C:\Documents and Settings\WILLIA~1\LOCALS~1
2008-04-13 20:28 . 2008-04-13 20:28 <DIR> d----c--- C:\Documents and Settings\WILLIA~1
2008-04-13 20:28 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-04-13 20:28 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-04-13 19:34 . 2008-04-13 19:45 <DIR> d----c--- C:\iSofterOutput
2008-04-13 19:31 . 2008-04-13 19:31 <DIR> d-------- C:\Program Files\iSofter
2008-04-13 19:31 . 2007-02-06 15:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-04-13 19:31 . 2007-02-06 15:06 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-04-13 19:31 . 2007-02-06 15:06 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2008-04-13 19:31 . 2007-02-06 15:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-04-13 19:31 . 2007-02-06 15:06 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2008-04-13 19:31 . 2007-02-06 15:06 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2008-04-13 19:31 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2008-04-10 06:28 . 2008-04-11 11:35 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-10 06:28 . 2008-04-14 03:02 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\Audacity
2008-04-09 23:38 . 2008-04-09 23:38 <DIR> d-------- C:\Program Files\MyPodcast Recorder
2008-04-09 18:23 . 2008-04-09 18:23 <DIR> d-------- C:\Program Files\Audacity
2008-04-09 00:05 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-08 23:55 . 2008-04-08 23:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-08 16:21 . 2008-04-08 16:21 66 --a------ C:\WINDOWS\system32\IPCROTIDE.SYS
2008-04-08 16:20 . 2008-04-08 16:21 79 --a------ C:\WINDOWS\iPC.ini
2008-04-08 11:39 . 2008-04-13 01:49 48 --a------ C:\WINDOWS\.prj
2008-04-08 11:16 . 2008-04-08 11:43 <DIR> d-------- C:\Program Files\PageBreeze
2008-04-08 11:16 . 2005-01-24 12:39 503,808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll
2008-04-08 11:16 . 1998-06-24 00:00 203,576 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-08 11:16 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-04-08 11:16 . 1999-05-15 00:24 97,280 --a------ C:\WINDOWS\system32\vspell32.ocx
2008-04-08 11:16 . 1998-11-18 11:40 89,600 --a------ C:\WINDOWS\system32\Leocx32.ocx
2008-04-08 11:16 . 1998-11-22 14:23 84,992 --a------ C:\WINDOWS\system32\Ledit32.dll
2008-04-08 11:16 . 1997-02-24 17:44 70,656 --a------ C:\WINDOWS\system32\vspell32.dll
2008-04-08 11:16 . 2008-04-14 23:49 434 --a------ C:\WINDOWS\pagebreeze.ini
2008-04-08 11:16 . 2008-04-08 11:16 44 --a------ C:\WINDOWS\formbreeze.ini
2008-04-06 16:19 . 2008-04-14 18:30 <DIR> d-------- C:\Program Files\Celtx
2008-04-06 16:19 . 2008-04-06 16:19 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\Greyfirst
2008-04-01 20:10 . 2004-07-30 12:06 28,672 --a------ C:\WINDOWS\hookdllX.dll
2008-04-01 20:04 . 2008-04-01 20:04 <DIR> d-------- C:\Program Files\Lexmark_7100 Series
2008-04-01 20:03 . 2008-04-01 20:11 11,916 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-04-01 20:01 . 2005-01-20 10:36 1,478 -ra------ C:\WINDOWS\system32\lxbx.loc
2008-04-01 20:00 . 2004-11-09 07:27 65,536 --a------ C:\WINDOWS\system32\lxbxcfg.dll
2008-04-01 19:50 . 2008-04-01 19:50 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\7100Series
2008-04-01 19:43 . 2008-04-01 19:43 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\WINDOWS
2008-04-01 19:35 . 2008-04-01 20:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\7100Series
2008-04-01 19:34 . 2008-04-01 20:11 <DIR> d-------- C:\Program Files\Lexmark 7100 Series
2008-04-01 13:51 . 2008-04-05 17:34 <DIR> d----c--- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-04-01 13:51 . 2008-04-13 21:21 <DIR> d----c--- C:\Temp
2008-03-31 17:09 . 2008-03-31 17:09 <DIR> d-------- C:\WINDOWS\system32\New Folder
2008-03-31 17:02 . 2004-08-04 05:00 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2008-03-31 17:02 . 2004-08-04 05:00 138,752 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
2008-03-31 00:39 . 2008-03-31 00:39 <DIR> d-------- C:\Program Files\detest5
2008-03-31 00:39 . 2002-12-30 00:39 114 --------- C:\WINDOWS\de04ch5.dat
2008-03-30 15:52 . 2008-03-30 15:52 <DIR> d-------- C:\WINDOWS\Sun
2008-03-30 15:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-30 15:49 . 2008-03-30 15:50 <DIR> d-------- C:\Program Files\Java
2008-03-27 02:28 . 2008-03-27 02:28 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Profiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 19:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-14 02:22 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Apple Computer
2008-04-14 02:20 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:02 --------- d-----w C:\Program Files\Lx_cats
2008-04-02 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 00:16 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2008-03-27 08:58 --------- d-----w C:\Program Files\Yahoo!
2008-03-23 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 17:29 --------- d-----w C:\Program Files\Google
2008-03-14 20:14 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Amazon
2008-03-14 20:11 --------- d-----w C:\Program Files\Amazon
2008-03-14 18:59 --------- d-----w C:\Program Files\Real
2008-03-14 18:28 --------- dc----w C:\Documents and Settings\Administrator\Application Data\7100Series
2008-03-14 18:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
2008-03-14 18:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-03-14 18:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-03-14 18:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 18:22 --------- d-----w C:\Program Files\EPSON
2008-03-14 18:21 --------- d-----w C:\Program Files\OfficeUpdate11
2008-03-13 04:39 --------- d-----w C:\Program Files\Unlocker
2008-03-10 18:50 --------- d-----w C:\Program Files\iTunes
2008-03-10 18:49 --------- d-----w C:\Program Files\iPod
2008-03-10 18:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-03-10 18:48 --------- d-----w C:\Program Files\Bonjour
2008-03-10 18:46 --------- d-----w C:\Program Files\Apple Software Update
2008-03-10 18:45 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-10 18:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-03-08 11:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-07 02:27 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Desktopicon
2008-03-07 00:04 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Media Player Classic
2008-03-06 23:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-06 23:25 --------- d-----w C:\Program Files\Decoder
2008-03-06 23:14 --------- d-----w C:\Program Files\AVSMedia
2008-03-06 23:03 --------- d-----w C:\Program Files\DivX
2008-03-06 23:01 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\DivX
2008-03-06 01:04 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\MySpace
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\PxAFS.DLL
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 10:21 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-08-12 04:13 92,064 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmmdm.sys
2007-08-12 04:13 9,232 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmmdfl.sys
2007-08-12 04:13 79,328 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmserd.sys
2007-08-12 04:13 66,656 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmbus.sys
2007-08-12 04:13 6,208 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmcmnt.sys
2007-08-12 04:13 5,936 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmwhnt.sys
2007-08-12 04:13 4,048 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmcr.sys
2007-08-12 04:13 25,600 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\usbsermptxp.sys
2007-08-12 04:13 22,768 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\usbsermpt.sys
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET6F.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET1B0.tmp
2005-12-15 19:03 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2000-01-01 08:39 271 --sh--w C:\Program Files\desktop.ini
2000-01-01 08:39 21,952 ---ha-w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EBE3CC-10A7-4619-B127-9B5D4FA476A8}]
2008-04-13 23:39 212992 --a------ C:\WINDOWS\nslbvxpgtkn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57ABA3CE-E927-4C81-BE2E-E20CAEC6645F}"= "C:\WINDOWS\sgoblxtm.dll" [2008-04-13 23:39 151552]

[HKEY_CLASSES_ROOT\clsid\{57aba3ce-e927-4c81-be2e-e20caec6645f}]
[HKEY_CLASSES_ROOT\sgoblxtm.1]
[HKEY_CLASSES_ROOT\TypeLib\{CBA0A72A-C5B0-47F8-9BD7-307B7708A58D}]
[HKEY_CLASSES_ROOT\sgoblxtm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-14 14:09 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"zxcrqdht"="C:\WINDOWS\system32\sloxafkp.exe" [2008-04-14 02:37 106496]
"UIWatcher"="C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe" [2004-05-24 20:04 519680]
"uaextvrz"="C:\WINDOWS\system32\lwrkjolo.exe" [2008-04-15 18:10 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 22:10 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-10 11:40 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 08:08 69632]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 02:43 196608]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 11:53 286720]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 06:24 61440]
"Sound Card Driver"="C:\My Games\LIBERTY-F82BA2D\svchost.exe" [ ]
"KAVPersonal50"="C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" [2005-10-21 02:21 387687]
"LaunchAntiSpy"="C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe" [2007-09-05 04:06 1630208]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 1.9.118.lnk - C:\Program Files\OpenOffice.org 1.9.118\program\quickstart.exe [2005-06-21 21:39:12 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kEU1gkL26I"= C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad\klivyxeh.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUmjj] efcDUmjj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Defender Pro\\Defender Pro Anti-Virus\\kav.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-10-03 07:59]
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-17 05:48]
R3 GigNIC;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card;C:\WINDOWS\system32\DRIVERS\GigNIC.sys [2004-03-19 18:21]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 06:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 09:11:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 18:06:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\lwrkjolo.exe 106496 bytes executable
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
.
**************************************************************************
.
Completion time: 2008-04-15 18:20:15 - machine was rebooted [William A. Hudson]
ComboFix-quarantined-files.txt 2008-04-16 01:18:54

Pre-Run: 1,475,772,416 bytes free
Post-Run: 1,783,644,160 bytes free
.
2008-04-15 15:26:45 --- E O F ---
===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:38 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad\klivyxeh.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lwrkjolo.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Sound Card Driver] C:\My Games\LIBERTY-F82BA2D\svchost.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zxcrqdht] C:\WINDOWS\system32\sloxafkp.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe
O4 - HKCU\..\Run: [uaextvrz] C:\WINDOWS\system32\lwrkjolo.exe
O4 - HKLM\..\Policies\Explorer\Run: [kEU1gkL26I] C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad\klivyxeh.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1204853167340
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O20 - Winlogon Notify: efcDUmjj - efcDUmjj.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
-- End of file - 7493 bytes
Edited by God_Is_The_Light (Wed Apr 16 2008 02:37 AM)