Author Topic: Rundll Error - HiJackThis Included  (Read 8451 times)
zjt228
Guest
« Reply #30 on: October 09, 2007, 09:30:06 AM »

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 11:20   ---------   d--------   C:\Program Files\AC3Filter
2007-10-08 16:23   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-08 05:26   6692   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-08 05:26   4412   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-07 14:38   ---------   d--------   C:\Program Files\McAfee
2007-10-07 11:17   ---------   d--------   C:\Program Files\FinePixViewer
2007-10-06 11:27   ---------   d--------   C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-05 11:10   ---------   d--------   C:\Program Files\Viewpoint
2007-10-05 11:10   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-03 16:41   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 16:36   ---------   d--------   C:\Program Files\DoctorCleaner
2007-09-30 12:53   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-09-30 12:15   ---------   d--------   C:\Documents and Settings\Zach\Application Data\Ahead
2007-09-30 09:24   ---------   d--------   C:\Program Files\OneStepSearch
2007-09-30 09:23   ---------   d--------   C:\Program Files\LimeWire
2007-09-30 09:21   ---------   d--------   C:\Program Files\foobar2000
2007-09-23 15:33   ---------   d--------   C:\Program Files\Bonjour
2007-09-22 14:46   ---------   d--------   C:\Program Files\Xvid
2007-09-22 14:46   ---------   d--------   C:\Program Files\Hardwood Euchre
2007-09-22 14:46   ---------   d--------   C:\Program Files\AudioRetoucher
2007-09-22 14:46   ---------   d--------   C:\Program Files\Audacity
2007-09-16 20:01   ---------   d--------   C:\Documents and Settings\Zach\Application Data\foobar2000
2007-08-14 20:40   ---------   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-13 17:13   ---------   d--------   C:\Program Files\Google
2007-08-13 14:16   ---------   d--------   C:\Program Files\RegistryCleanerXP
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((   snapshot@2007-10-08_16.49.41.78   )))))))))))))))))))))))))))))))))))))))))
.
----a-w           135,168 2007-09-28 13:06:08  C:\WINDOWS\catchme.exe
----a-w           163,328 2007-03-13 14:57:10  C:\WINDOWS\erdnt\subs\ERDNT.EXE
----a-w           279,552 2007-10-05 14:07:31  C:\WINDOWS\system32\swreg.exe
---h--w             4,212 2007-10-08 23:49:44  C:\WINDOWS\system32\zllictbl.dat
----a-w            32,768 2007-10-09 15:09:46  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w            32,768 2007-10-09 15:09:46  C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w            49,152 2007-10-09 15:09:46  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w             4,608 2007-10-09 12:35:13  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DRE6P41D\dl[1].exe
----a-w             4,608 2007-10-09 15:10:57  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DRE6P41D\dl[2].exe
----a-w             4,608 2007-10-08 23:22:50  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVD5RRQ8\dl[1].exe
----a-w             4,608 2007-10-08 23:48:46  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVD5RRQ8\dl[2].exe
----a-w            23,552 2007-10-09 15:11:00  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVD5RRQ8\rename[1].exe
----a-w           397,312 2003-09-03 07:30:14  C:\WINDOWS\Temp\{6F1974D6-4249-43B6-88B0-9A9B8A33956C}\ISRT.DLL
----a-w           299,008 2003-09-03 09:53:48  C:\WINDOWS\Temp\{6F1974D6-4249-43B6-88B0-9A9B8A33956C}\_ISRES.DLL
----a-w            12,288 2007-10-09 15:17:22  C:\WINDOWS\Temp\{6F1974D6-4249-43B6-88B0-9A9B8A33956C}\_ISUSER.DLL
zjt228
Guest
« Reply #31 on: October 09, 2007, 09:30:22 AM »

.
----a-w           149,504 2007-09-28 13:06:08  C:\WINDOWS\catchme.exe
----a-w           178,176 2007-03-13 14:57:10  C:\WINDOWS\erdnt\subs\ERDNT.EXE
----a-w           293,888 2007-10-05 14:07:31  C:\WINDOWS\system32\swreg.exe
---h--w             4,212 2007-10-08 20:46:38  C:\WINDOWS\system32\zllictbl.dat
----a-w            32,768 2007-10-08 20:43:47  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w            32,768 2007-10-08 20:43:47  C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w            49,152 2007-10-08 20:43:47  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w            19,456 2007-10-05 15:03:23  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DRE6P41D\dl[1].exe
----a-w             4,608 2007-10-06 20:25:48  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DRE6P41D\dl[2].exe
----a-w            24,904 2007-09-29 11:56:44  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVD5RRQ8\dl[1].exe
----a-w            24,904 2007-09-29 12:47:14  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVD5RRQ8\dl[2].exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC7C70A-B95D-4E0F-B49D-1C5D618D936C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BDBFC0-3394-4944-BE07-BC05CF5049BE}]
2004-08-04 03:56   107409   --a------   C:\WINDOWS\system32\dmscrip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FA1E1D-29FD-4E81-9690-C75B4E3108A0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe" [2006-05-09 20:24]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 08:39 C:\WINDOWS\SOUNDMAN.EXE]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-07 12:57]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"NWEReboot"="" []
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-10-05 16:04]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"vmc"=C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\vmc.dll
"Falcon"=C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Falcon.dll
"mswm"=C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\mswm.dll
"NetMD"=C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\NetMD.dll
"SPTISRVps"=C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISR~1.DLL

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-03-21 17:48:41]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 17:13:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-18 13:04:30]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 rlgujhvq;rlgujhvq;C:\WINDOWS\system32\drivers\ctnluuwh.dat
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 df401e41.sys;df401e41.sys;\??\C:\WINDOWS\system32\drivers\df401e41.sys
R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys
S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 01:46:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-15 05:34:29 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-01 05:01:22 C:\WINDOWS\Tasks\McQcTask.job"
"2007-10-09 15:13:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 11:24:35
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 11:27:01
C:\ComboFix-quarantined-files.txt ... 2007-10-09 11:26
C:\ComboFix2.txt ... 2007-10-08 16:50
.
   --- E O F ---
zjt228
Guest
« Reply #32 on: October 09, 2007, 09:32:20 AM »

New HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:46 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\TEMP\VRR5.tmp
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
c:\program files\common files\aol\1140116236\ee\aexplore.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
C:\Documents and Settings\Zach\Desktop\HiJackThis.exe
zjt228
Guest
« Reply #33 on: October 09, 2007, 09:33:20 AM »

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - btasv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [vmc] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\vmc.dll
O4 - HKLM\..\RunOnce: [Falcon] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Falcon.dll
O4 - HKLM\..\RunOnce: [mswm] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\mswm.dll
O4 - HKLM\..\RunOnce: [NetMD] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\NetMD.dll
O4 - HKLM\..\RunOnce: [SPTISRVps] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISR~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140100872952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140100857546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10839 bytes
zjt228
Guest
« Reply #34 on: October 09, 2007, 10:21:08 AM »

Here's some screens of the error messages I get on start up:

zjt228
Guest
« Reply #35 on: October 11, 2007, 09:40:49 AM »

Still getting all of these errors; the only way I'm online now is running through safe mode.

 >:( ???
CBMatt
Mod & Malware Specialist
Prodigy
« Reply #36 on: October 11, 2007, 12:33:38 PM »

I hate to be repetitive, but the CFScript doesn't appear to have worked, so please try these steps again...

We've still got a little bit of work to do, but we should be getting close.  Below is a quote box with some text.  Please copy everything inside of the box...

Quote
File::
C:\WINDOWS\system32\btasv.dll
C:\whekdwjb.exe
C:\WINDOWS\system32\sipov.dll
C:\WINDOWS\system32\drivers\wbkpwguh.dat
C:\WINDOWS\system32\drivers\ctnluuwh.dat
C:\hmwbeiik.exe
C:\qewtcr.exe
C:\pgwgygwn.exe
C:\uvbbeuu.exe
C:\nawf.exe
C:\slrce.exe
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\bootvi.dll
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\dmscrip.dll
C:\WINDOWS\system32\drmclie.dll
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kjkkj.bak2
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\drivers\ctnluuwh.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC7C70A-B95D-4E0F-B49D-1C5D618D936C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BDBFC0-3394-4944-BE07-BC05CF5049BE}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FA1E1D-29FD-4E81-9690-C75B4E3108A0}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]

Paste the contents into Notepad and save the file as CFScript.txt.  Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again.  After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

You could also try deleting the files manually in Safe Mode.  However, you may not be successful with a few of them.

Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

Actually, the name's Chris...
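The four BHO keys in the Registry:: block of CBMatt's fix are exactly the O2 lines in the HijackThis log above that show "(no name)", "(no file)" or "(file missing)", or that point at a bare filename (btasv.dll) instead of a full path. As an added illustration, not code from the thread, HijackThis or ComboFix, the following Python script applies those four checks to O2 lines and emits the corresponding Registry:: removal lines in the abbreviated form the thread uses. The sample log is constructed from the O2, O4 and O23 entries posted above; the key abbreviation `HKEY_LOCAL_MACHINE\~\Browser Helper Objects` is copied from the fix and is an assumption about what ComboFix expects.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches a HijackThis "O2 - BHO:" line: display name, CLSID, then the file the
# registry key points at (or "(no file)" / "... (file missing)").
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
FILE_MISSING = " (file missing)"

# Constructed sample: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} - (no file)
O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - btasv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
"""


@dataclass
class BhoFinding:
    clsid: str
    name: str
    target: str
    reasons: List[str] = field(default_factory=list)


def triage_bho_line(line: str) -> Optional[BhoFinding]:
    """Return a finding for one O2 line, or None if the line is not an O2 entry
    or shows nothing worth a second look."""
    m = BHO_RE.match(line.strip())
    if not m:
        return None
    finding = BhoFinding(m["clsid"], m["name"], m["target"])
    target = finding.target
    if target == "(no file)":
        # The CLSID is registered but the COM server it names does not exist:
        # a leftover registration from a partial uninstall or a removed component.
        finding.reasons.append("no file")
    else:
        if target.endswith(FILE_MISSING):
            finding.reasons.append("file missing")
            target = target[: -len(FILE_MISSING)]
        if "\\" not in target:
            # A bare filename is resolved through the DLL search path rather than
            # a fixed location; legitimate BHOs register a full path.
            finding.reasons.append("bare filename")
        if finding.name == "(no name)":
            # Shipped products carry a display name; an unnamed BHO loading a DLL
            # out of system32 deserves a hash lookup before it is trusted.
            finding.reasons.append("no name")
    return finding if finding.reasons else None


def triage_log(log_text: str) -> List[BhoFinding]:
    """Run the O2 triage over a whole HijackThis log and keep only flagged entries."""
    return [f for f in map(triage_bho_line, log_text.splitlines()) if f is not None]


def cfscript_registry_lines(findings: List[BhoFinding]) -> List[str]:
    """Emit Registry:: removal lines in the abbreviated form shown in the thread
    (the leading '-' marks the key for deletion); assumed ComboFix syntax."""
    return [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f.clsid}]" for f in findings]


if __name__ == "__main__":
    flagged = triage_log(SAMPLE_LOG)
    for f in flagged:
        print(f"{f.clsid}  {f.name!r:14} -> {', '.join(f.reasons)}")
    print("\nRegistry::")
    print("\n".join(cfscript_registry_lines(flagged)))
```

Run against the sample, the script flags the same four CLSIDs that CBMatt's Registry:: block deletes and leaves the Adobe and Java helpers alone; the O4 and O23 lines are ignored because the checks only apply to BHO registrations.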
zjt228
Guest
« Reply #37 on: October 11, 2007, 02:12:13 PM »

Thanks, I'll try and report back.
zjt228
Guest
« Reply #38 on: October 11, 2007, 04:06:11 PM »

ComboFix does not work on my computer anymore.
It was working until I got two errors and it just closed out; my clock is still set on military time.

It appears this isn't going to work. I might as well just wipe the system clean, but I need a way to back up my files since Nero isn't working. Any ideas?
CBMatt
Mod & Malware Specialist
Prodigy
« Reply #39 on: October 12, 2007, 08:44:26 AM »

Unfortunately, I'm leaving for the weekend, so I can't help out as much as I want to.  If you would like to try reformatting your computer, download a program such as CDBurnerXP Pro and try running it in Safe Mode.  If it won't allow you to burn CDs, you could slave your hard drive in another computer in order to back up your important files.  Keep in mind, however, that there would be a risk of infecting the other computer.  Because there isn't a lot I can do for you at the moment (and I sincerely apologize for that), you may want to start a new thread, either in this section or in the Windows section.  That way, you will have a better chance of getting the attention you need.  I wish you the best of luck, and if I can, I'll try to check in while I'm gone to see if I can offer any more help.
zjt228
Guest
« Reply #40 on: October 12, 2007, 10:08:28 AM »

Thank you for all the help and advice you've given so far!
oddjob
Malware Removal Specialist
Moderator
Hopeful
« Reply #41 on: October 12, 2007, 11:46:38 AM »

Hi zjt228

I don't know if you've reformatted, but if you have done that before you read this, then don't bother going further.

On the time thing, ComboFix has been known to somehow affect the clock and result in the military setting. Go to Control Panel - Regional and Language and change it back there.

If CF doesn't work for you now I suggest you delete the copy of CF you have and download a fresh copy from a legit source. I stress this last bit as there are sites popping up hosting the tool without the program author's permission.

Get it here ....

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

When downloaded/installed again, try CBMatt's fix of dragging the malware files into CFScript.

Post a fresh HJT log after this with another update on how things are going.


Good luck.


OJ

Member ASAP
zjt228
Guest
« Reply #42 on: October 12, 2007, 10:10:10 PM »

Ugh, still nothing.

ComboFix started and then crashed again.
patio
Moderator
Genius
« Reply #43 on: October 13, 2007, 08:22:16 AM »

Turn off all background (tray) apps and try ComboFix again...

"All generalizations are false, including this one."
zjt228
Guest
« Reply #44 on: October 13, 2007, 09:58:44 AM »

How would I do that? 