WiredWX Hobby Weather Tools

[Solved] Trojan.Zlob.G Problem POST 1

I don't know what to do. I can't seem to access the internet on my computer anymore. Every time I try to open Firefox or Internet Explorer it keeps saying "insecure connection" and automatically shuts down.

Please Help!!!

Thanks!!

Here are my HijackThis log (1st post) and Uninstall List log (2nd post):

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:49 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {09874E3C-9382-4761-BB00-794A496BAAF4} - C:\WINDOWS\system32\rqRHbccB.dll (file missing)
O2 - BHO: {36cd3dfc-e243-ddd8-76c4-6d9665d2a40b} - {b04a2d56-69d6-4c67-8ddd-342ecfd3dc63} - C:\WINDOWS\system32\ymrgvk.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156911251093
O20 - AppInit_DLLs: ymrgvk.dll c:\windows\system32\tohapuva.dll c:\windows\system32\ligalijo.dll c:\windows\system32\kiramega.dll c:\windows\system32\lewadiye.dll c:\windows\system32\hukodare.dll c:\windows\system32\rezutepi.dll c:\windows\system32\hegizuku.dll c:\windows\system32\yeyapoyu.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: byxwtrs - byxwtrs.dll (file missing)
O20 - Winlogon Notify: pmnlihGa - pmnlihGa.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8984 bytes

[Solved] Trojan.Zlob.G Problem POST 2

PART 2

Uninstall List Log:

7-Zip 4.57
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.1
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AIMutation (remove only)
AltoMP3 Gold 5.20
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
AviSynth 2.5
Banctec Service Agreement
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
DVD Shrink 3.2
EducateU
ELIcon
EPSON CX 7800 Guide
EPSON Printer Software
EPSON Scan
Games, Music, & Photos Launcher
Graboid Video 1.2
GRE POWERPREP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Smart Web Printing
InFlac 1.1.1
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveUpdate 3.1 (Symantec Corporation)
mCore
MCU
mDriver
mDrWiFi
MediaCoder 0.6.1
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
mIWA
Mixer
mLogView
mMHouse
Modem Helper
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.18)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Musicmatch for Windows Media Player
Musicmatch Jukebox
mWlsSafe
mWMI
myTunes Redux 1.0
mZConfig
NetWaiting
Nokia Connectivity Cable Driver
PlayLinc
QuickSet
QuickTime
RealPlayer Basic
Replay Converter 2.31
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Shockwave
Skype 2.5
Sonic Activation Module
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
SUPERAntiSpyware Professional
Symantec AntiVirus
Synaptics Pointing Device Driver
The Print Shop 12
Treo 700wx User Guide
Uninstall Perfect Defender 2009
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URL Assistant
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WIDCOMM Bluetooth Software
WildTangent Web Driver
Winamp
Windows Defender Signatures
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Mobile Feb. 2008 DST Updates
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinZip

[Solved] Re: Trojan.Zlob.G Problem POST 1

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {09874E3C-9382-4761-BB00-794A496BAAF4} - C:\WINDOWS\system32\rqRHbccB.dll (file missing)
    O2 - BHO: {36cd3dfc-e243-ddd8-76c4-6d9665d2a40b} - {b04a2d56-69d6-4c67-8ddd-342ecfd3dc63} - C:\WINDOWS\system32\ymrgvk.dll (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O20 - AppInit_DLLs: ymrgvk.dll c:\windows\system32\tohapuva.dll c:\windows\system32\ligalijo.dll c:\windows\system32\kiramega.dll c:\windows\system32\lewadiye.dll c:\windows\system32\hukodare.dll c:\windows\system32\rezutepi.dll c:\windows\system32\hegizuku.dll c:\windows\system32\yeyapoyu.dll,
    O20 - Winlogon Notify: byxwtrs - byxwtrs.dll (file missing)
    O20 - Winlogon Notify: pmnlihGa - pmnlihGa.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.
  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
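A small triage script, added here as an example and not part of this thread or of HijackThis itself, that pulls out of a HijackThis log the same kinds of entries the reply above asks to be checked: load points whose backing file is missing (orphaned BHO, button and Winlogon Notify entries) and everything listed under AppInit_DLLs, which gets loaded into every process that links user32.dll. The sample lines are copied from the log in this thread and the function names are my own.

```python
import re

# Constructed sample: HijackThis lines copied from the log posted in this
# thread, with a few legitimate entries mixed in so the triage has to skip them.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {09874E3C-9382-4761-BB00-794A496BAAF4} - C:\WINDOWS\system32\rqRHbccB.dll (file missing)
O2 - BHO: {36cd3dfc-e243-ddd8-76c4-6d9665d2a40b} - {b04a2d56-69d6-4c67-8ddd-342ecfd3dc63} - C:\WINDOWS\system32\ymrgvk.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: ymrgvk.dll c:\windows\system32\tohapuva.dll c:\windows\system32\ligalijo.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: byxwtrs - byxwtrs.dll (file missing)
O20 - Winlogon Notify: pmnlihGa - pmnlihGa.dll (file missing)
"""

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, O1-O24),
# a space-hyphen-space separator, then the entry body.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for each HijackThis entry line.

    Process listings, the header block and blank lines do not match the
    section-code pattern and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def appinit_dlls(body):
    """Split an 'AppInit_DLLs:' entry body into the individual DLL names.

    HijackThis prints the registry value space-separated with a trailing
    comma, so strip the comma before splitting.
    """
    value = body.split("AppInit_DLLs:", 1)[1]
    return [name for name in value.rstrip(",").split() if name]


def triage(log_text):
    """Return the entries a first-pass reviewer would pull out for attention.

    Two rules, matching what the reply in this thread checks:
      * any entry ending in '(file missing)' is an orphaned load point; the
        file is gone but the hook still references it, so it is fixed
        (removed) rather than left to confuse later scans;
      * any O20 AppInit_DLLs entry that actually lists DLLs, since a
        legitimate Windows XP install normally leaves that value empty.
    """
    findings = []
    for section, body in parse_entries(log_text):
        if body.endswith("(file missing)"):
            findings.append({"section": section,
                             "reason": "orphaned entry",
                             "entry": body})
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = appinit_dlls(body)
            if dlls:
                findings.append({"section": section,
                                 "reason": "AppInit_DLLs loads %d DLLs" % len(dlls),
                                 "entry": body,
                                 "dlls": dlls})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%s  %-28s %s" % (finding["section"], finding["reason"], finding["entry"]))
```

Run against the full log in the first post, the script lists exactly the six lines the reply asks to have checked; entries such as the SUPERAntiSpyware Winlogon hook, whose file is present and which are not AppInit_DLLs, are left alone.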

[Solved] ComboFix Log

Here it is. Thanks.

ComboFix Log:

ComboFix 08-12-07.01 - Deb 2008-12-08 14:47:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.440 [GMT -5:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Deb\Application Data\Google\kjzna1562565.exe
c:\documents and settings\Deb\Application Data\IUpd721
c:\documents and settings\Deb\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Deb\Application Data\NI.GSCNS
c:\documents and settings\Deb\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Deb\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\Deb\Cookies\boryroqi.vbs
c:\documents and settings\Deb\Cookies\ynevix.inf
c:\documents and settings\Deb\Local Settings\Temporary Internet Files\typic.lib
c:\documents and settings\Deb\Local Settings\Temporary Internet Files\udirakeg.vbs
c:\documents and settings\Deb\Local Settings\Temporary Internet Files\yrupiziw.bin
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\windows\BMaf7e3230.txt
c:\windows\BMaf7e3230.xml
c:\windows\cookies.ini
c:\windows\system32\akobenij.ini
c:\windows\system32\ap
c:\windows\system32\avikakok.ini
c:\windows\system32\ayesudoy.ini
c:\windows\system32\azawawab.ini
c:\windows\system32\BccbHRqr.ini
c:\windows\system32\BccbHRqr.ini2
c:\windows\system32\cerrgbwx.ini
c:\windows\system32\ctkxjcgn.ini
c:\windows\system32\devmsjdx.ini
c:\windows\system32\fexthwyu.ini
c:\windows\system32\hmmskrnc.ini
c:\windows\system32\hRsvDccf.ini
c:\windows\system32\hRsvDccf.ini2
c:\windows\system32\ibirukaw.ini
c:\windows\system32\ikazasay.ini
c:\windows\system32\ikunolvn.ini
c:\windows\system32\imogozuz.ini
c:\windows\system32\jqxqdyte.ini
c:\windows\system32\llisrwvs.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mxuyoswt.ini
c:\windows\system32\pxlajyjc.ini
c:\windows\system32\qtkxuvyk.ini
c:\windows\system32\sushohlm.ini
c:\windows\system32\tim
c:\windows\system32\tousbdco.ini
c:\windows\system32\ufkwfshh.ini
c:\windows\system32\uujxweda.ini
c:\windows\system32\uwizeyiw.ini
c:\windows\system32\vcgycpfh.ini
c:\windows\system32\vd2
c:\windows\system32\vhcfyjbl.ini
c:\windows\system32\wjojbomx.ini
c:\windows\system32\x4
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-08 14:41 . 2008-12-08 14:42 d-------- C:\32788R22FWJFW
2008-12-08 04:44 . 2008-12-08 04:44 d-------- c:\program files\MSXML 6.0
2008-12-07 23:57 . 2008-12-08 00:50 d-------- c:\windows\system32\CatRoot_bak
2008-12-07 23:55 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-07 23:55 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-07 23:55 . 2008-08-14 04:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-12-07 23:51 . 2008-05-01 09:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-12-04 16:29 . 2008-12-04 16:29 d-------- c:\program files\AltoMP3 Gold
2008-12-03 23:13 . 2008-12-04 15:46 d-------- c:\program files\Nokia
2008-12-03 16:37 . 2008-12-04 19:22 d-------- c:\program files\MediaCoder
2008-12-03 15:52 . 2008-12-03 15:52 d-------- c:\windows\Pak Audio Converter
2008-12-03 15:52 . 2008-12-03 16:22 d-------- c:\program files\Pak Audio Converter
2008-11-30 17:31 . 2008-11-30 17:31 d-------- c:\program files\ETS
2008-11-24 00:52 . 2008-11-24 00:52 2,274 --a------ c:\windows\system32\TDSSqein.dll
2008-11-23 02:24 . 2008-11-23 02:24 d-------- c:\program files\Microsoft Silverlight
2008-11-20 17:05 . 2008-12-08 14:48 d-------- C:\Temp
2008-11-20 17:02 . 2008-11-20 17:02 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 17:02 . 2008-11-20 17:02 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-20 17:02 . 2008-11-20 17:02 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-16 00:24 . 2008-11-16 00:24 19,720 --a------ c:\windows\system32\femuhovo._sy
2008-11-16 00:24 . 2008-11-16 00:24 19,122 --a------ c:\windows\gorupybif.lib
2008-11-16 00:24 . 2008-11-16 00:24 18,451 --a------ c:\windows\acijene.lib
2008-11-16 00:24 . 2008-11-16 00:24 16,742 --a------ c:\program files\Common Files\cydaqe.bat
2008-11-16 00:24 . 2008-11-16 00:24 16,577 --a------ c:\windows\system32\uhymezotoz.dll
2008-11-16 00:24 . 2008-11-16 00:24 15,142 --a------ c:\program files\Common Files\ofedyxal.vbs
2008-11-16 00:24 . 2008-11-16 00:24 14,208 --a------ c:\windows\system32\etycerupus.inf
2008-11-16 00:24 . 2008-11-16 00:24 12,971 --a------ c:\program files\Common Files\rafaxo.com
2008-11-16 00:24 . 2008-11-16 00:24 11,985 --a------ c:\windows\exuqyr.com
2008-11-15 21:10 . 2008-11-15 21:10 18,959 --a------ c:\windows\akyruxiju.inf
2008-11-15 21:10 . 2008-11-15 21:10 18,640 --a------ c:\windows\system32\cisygo.dll
2008-11-15 21:10 . 2008-11-15 21:10 17,695 --a------ c:\windows\gasov.dat
2008-11-15 21:10 . 2008-11-15 21:10 17,297 --a------ c:\windows\system32\otokohicug.ban
2008-11-15 21:10 . 2008-11-15 21:10 17,116 --a------ c:\windows\nicaduz.sys
2008-11-15 21:10 . 2008-11-15 21:10 16,505 --a------ c:\documents and settings\All Users\Application Data\lugihufo.sys
2008-11-15 21:10 . 2008-11-15 21:10 16,050 --a------ c:\documents and settings\Deb\Application Data\oxon.sys
2008-11-15 21:10 . 2008-11-15 21:10 12,005 --a------ c:\windows\ubizyxawe.scr
2008-11-15 21:10 . 2008-11-15 21:10 11,781 --a------ c:\windows\jezakugys.pif
2008-11-15 21:10 . 2008-11-15 21:10 11,408 --a------ c:\program files\Common Files\mija.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 19:55 --------- d-----w c:\program files\DNA
2008-12-08 19:55 --------- d-----w c:\documents and settings\Deb\Application Data\DNA
2008-12-08 19:54 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-08 04:25 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-05 01:49 --------- d-----w c:\documents and settings\Deb\Application Data\BitTorrent
2008-12-04 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 18:12 --------- d--h--w c:\documents and settings\Deb\Application Data\Move Networks
2008-11-24 05:08 --------- d-----w c:\program files\DivX
2008-11-16 05:24 18,262 ----a-w c:\program files\Common Files\cypuxac.dl
2008-11-16 05:24 16,136 ----a-w c:\program files\Common Files\edovorycil.lib
2008-11-16 05:24 15,695 ----a-w c:\program files\Common Files\jocela.db
2008-11-16 02:10 17,175 ----a-w c:\program files\Common Files\ycegax._dl
2008-11-16 02:10 10,616 ----a-w c:\program files\Common Files\uwymekos.db
2008-10-24 21:00 --------- d-----w c:\documents and settings\Deb\Application Data\Skype
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2006-09-08 19:16 88 --sh--r c:\windows\system32\8A37A4E85C.sys
2005-07-14 19:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2006-09-08 19:16 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-07 1805552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-11-16 13:48 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv50"= c:\progra~1\REPLAY~1\ir50_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Deb^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Deb\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[Solved] Re: Trojan.Zlob.G Problem POST 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 14:08 67160 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-09-26 18:44 634672 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-12 08:54 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
--------- 2005-02-23 15:57 57344 c:\program files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 14:58 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 16:46 135168 c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 05:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7800 Series]
--a------ 2005-04-06 23:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 21:36 1207080 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 02:41 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 02:45 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 02:44 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-10-08 13:13 1101824 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 02:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 15:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 05:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-11 15:12 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 02:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 11:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2007-05-11 14:20 2061816 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 16:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-19 99376]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-04-16 40832]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-03-14 116416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ab82e0-25d4-11dd-91b9-0015c5678e1f}]
\Shell\AutoRun\command - E:\Iexplores.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc42f18d-454a-11dd-80e9-0015c5678e1f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Smax4 - c:\documents and settings\Deb\Application Data\Google\kjzna1562565.exe
MSConfigStartUp-BMaf7e3230 - c:\windows\system32\ifvfgefg.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
MSConfigStartUp-TivoNotify - c:\program files\TiVo\Desktop\TiVoNotify.exe
MSConfigStartUp-TivoServer - c:\program files\TiVo\Desktop\TiVoServer.exe
MSConfigStartUp-TivoTransfer - c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-Verizon Custom Uninstall Tracking - c:\docume~1\Deb\LOCALS~1\Temp\InstallHelper.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
FireFox -: Profile - c:\documents and settings\Deb\Application Data\Mozilla\Firefox\Profiles\6qtg6bcf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 14:55:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-12-08 15:00:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 20:00:04

Pre-Run: 15,825,084,416 bytes free
Post-Run: 17,443,172,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

348 --- E O F --- 2008-12-08 09:48:52

Re: Trojan.Zlob.G Problem POST 1
Now open a new Notepad file.
Input this into the Notepad file:

File::
c:\windows\system32\TDSSqein.dll
c:\windows\gorupybif.lib
c:\windows\acijene.lib
c:\program files\Common Files\cydaqe.bat
c:\windows\system32\uhymezotoz.dll
c:\windows\system32\femuhovo._sy
c:\windows\system32\etycerupus.inf
c:\program files\Common Files\ofedyxal.vbs
c:\program files\Common Files\rafaxo.com
c:\windows\exuqyr.com
c:\windows\akyruxiju.inf
c:\windows\system32\cisygo.dll
c:\windows\gasov.dat
c:\windows\nicaduz.sys
c:\documents and settings\Deb\Application Data\oxon.sys
c:\documents and settings\All Users\Application Data\lugihufo.sys
c:\windows\ubizyxawe.scr
c:\windows\jezakugys.pif
c:\program files\Common Files\mija.sys
c:\program files\Common Files\cypuxac.dl
c:\program files\Common Files\edovorycil.lib
c:\program files\Common Files\jocela.db
c:\program files\Common Files\ycegax._dl
c:\program files\Common Files\uwymekos.db

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ab82e0-25d4-11dd-91b9-0015c5678e1f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc42f18d-454a-11dd-80e9-0015c5678e1f}]


Save this as CFScript.txt, and save it to your desktop as well.
Then drag and drop CFScript.txt onto ComboFix as seen below:
[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will open ComboFix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

Re: Trojan.Zlob.G Problem POST 1
ComboFix 08-12-07.01 - Deb 2008-12-08 15:43:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.433 [GMT -5:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-08 04:44 . 2008-12-08 04:44 d-------- c:\program files\MSXML 6.0
2008-12-07 23:57 . 2008-12-08 00:50 d-------- c:\windows\system32\CatRoot_bak
2008-12-07 23:55 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-07 23:55 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-07 23:55 . 2008-08-14 04:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-12-07 23:51 . 2008-05-01 09:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-12-04 16:29 . 2008-12-04 16:29 d-------- c:\program files\AltoMP3 Gold
2008-12-03 23:13 . 2008-12-04 15:46 d-------- c:\program files\Nokia
2008-12-03 16:37 . 2008-12-04 19:22 d-------- c:\program files\MediaCoder
2008-12-03 15:52 . 2008-12-03 15:52 d-------- c:\windows\Pak Audio Converter
2008-12-03 15:52 . 2008-12-03 16:22 d-------- c:\program files\Pak Audio Converter
2008-11-30 17:31 . 2008-11-30 17:31 d-------- c:\program files\ETS
2008-11-24 00:52 . 2008-11-24 00:52 2,274 --a------ c:\windows\system32\TDSSqein.dll
2008-11-23 02:24 . 2008-11-23 02:24 d-------- c:\program files\Microsoft Silverlight
2008-11-20 17:05 . 2008-12-08 14:48 d-------- C:\Temp
2008-11-20 17:02 . 2008-11-20 17:02 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 17:02 . 2008-11-20 17:02 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-20 17:02 . 2008-11-20 17:02 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-16 00:24 . 2008-11-16 00:24 19,720 --a------ c:\windows\system32\femuhovo._sy
2008-11-16 00:24 . 2008-11-16 00:24 19,122 --a------ c:\windows\gorupybif.lib
2008-11-16 00:24 . 2008-11-16 00:24 18,451 --a------ c:\windows\acijene.lib
2008-11-16 00:24 . 2008-11-16 00:24 16,742 --a------ c:\program files\Common Files\cydaqe.bat
2008-11-16 00:24 . 2008-11-16 00:24 16,577 --a------ c:\windows\system32\uhymezotoz.dll
2008-11-16 00:24 . 2008-11-16 00:24 15,142 --a------ c:\program files\Common Files\ofedyxal.vbs
2008-11-16 00:24 . 2008-11-16 00:24 14,208 --a------ c:\windows\system32\etycerupus.inf
2008-11-16 00:24 . 2008-11-16 00:24 12,971 --a------ c:\program files\Common Files\rafaxo.com
2008-11-16 00:24 . 2008-11-16 00:24 11,985 --a------ c:\windows\exuqyr.com
2008-11-15 21:10 . 2008-11-15 21:10 18,959 --a------ c:\windows\akyruxiju.inf
2008-11-15 21:10 . 2008-11-15 21:10 18,640 --a------ c:\windows\system32\cisygo.dll
2008-11-15 21:10 . 2008-11-15 21:10 17,695 --a------ c:\windows\gasov.dat
2008-11-15 21:10 . 2008-11-15 21:10 17,297 --a------ c:\windows\system32\otokohicug.ban
2008-11-15 21:10 . 2008-11-15 21:10 17,116 --a------ c:\windows\nicaduz.sys
2008-11-15 21:10 . 2008-11-15 21:10 16,505 --a------ c:\documents and settings\All Users\Application Data\lugihufo.sys
2008-11-15 21:10 . 2008-11-15 21:10 16,050 --a------ c:\documents and settings\Deb\Application Data\oxon.sys
2008-11-15 21:10 . 2008-11-15 21:10 12,005 --a------ c:\windows\ubizyxawe.scr
2008-11-15 21:10 . 2008-11-15 21:10 11,781 --a------ c:\windows\jezakugys.pif
2008-11-15 21:10 . 2008-11-15 21:10 11,408 --a------ c:\program files\Common Files\mija.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 20:36 --------- d-----w c:\documents and settings\Deb\Application Data\DNA
2008-12-08 19:55 --------- d-----w c:\program files\DNA
2008-12-08 19:54 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-08 04:25 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-05 01:49 --------- d-----w c:\documents and settings\Deb\Application Data\BitTorrent
2008-12-04 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 18:12 --------- d--h--w c:\documents and settings\Deb\Application Data\Move Networks
2008-11-24 05:08 --------- d-----w c:\program files\DivX
2008-11-16 05:24 18,262 ----a-w c:\program files\Common Files\cypuxac.dl
2008-11-16 05:24 16,136 ----a-w c:\program files\Common Files\edovorycil.lib
2008-11-16 05:24 15,695 ----a-w c:\program files\Common Files\jocela.db
2008-11-16 02:10 17,175 ----a-w c:\program files\Common Files\ycegax._dl
2008-11-16 02:10 10,616 ----a-w c:\program files\Common Files\uwymekos.db
2008-10-24 21:00 --------- d-----w c:\documents and settings\Deb\Application Data\Skype
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2006-09-08 19:16 88 --sh--r c:\windows\system32\8A37A4E85C.sys
2005-07-14 19:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2006-09-08 19:16 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-07 1805552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-11-16 13:48 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv50"= c:\progra~1\REPLAY~1\ir50_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

Re: Trojan.Zlob.G Problem POST 1
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Deb^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Deb\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 14:08 67160 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-09-26 18:44 634672 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-12 08:54 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
--------- 2005-02-23 15:57 57344 c:\program files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 14:58 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 16:46 135168 c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 05:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7800 Series]
--a------ 2005-04-06 23:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 21:36 1207080 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 02:41 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 02:45 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 02:44 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-10-08 13:13 1101824 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 02:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 15:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 05:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-11 15:12 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 02:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 11:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2007-05-11 14:20 2061816 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 16:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-19 99376]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-04-16 40832]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-03-14 116416]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
FireFox -: Profile - c:\documents and settings\Deb\Application Data\Mozilla\Firefox\Profiles\6qtg6bcf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 15:45:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\netprovcredman.dll
.
Completion time: 2008-12-08 15:47:08
ComboFix-quarantined-files.txt 2008-12-08 20:46:45
ComboFix2.txt 2008-12-08 20:00:16

Pre-Run: 17,439,035,392 bytes free
Post-Run: 17,424,637,952 bytes free

267 --- E O F --- 2008-12-08 09:48:52

Re: Trojan.Zlob.G Problem POST 1
That didn't work right for some reason.
Let's use this instead.

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    c:\windows\system32\TDSSqein.dll
    c:\windows\gorupybif.lib
    c:\windows\acijene.lib
    c:\program files\Common Files\cydaqe.bat
    c:\windows\system32\uhymezotoz.dll
    c:\windows\system32\femuhovo._sy
    c:\windows\system32\etycerupus.inf
    c:\program files\Common Files\ofedyxal.vbs
    c:\program files\Common Files\rafaxo.com
    c:\windows\exuqyr.com
    c:\windows\akyruxiju.inf
    c:\windows\system32\cisygo.dll
    c:\windows\gasov.dat
    c:\windows\nicaduz.sys
    c:\documents and settings\Deb\Application Data\oxon.sys
    c:\documents and settings\All Users\Application Data\lugihufo.sys
    c:\windows\ubizyxawe.scr
    c:\windows\jezakugys.pif
    c:\program files\Common Files\mija.sys
    c:\program files\Common Files\cypuxac.dl
    c:\program files\Common Files\edovorycil.lib
    c:\program files\Common Files\jocela.db
    c:\program files\Common Files\ycegax._dl
    c:\program files\Common Files\uwymekos.db

    :reg
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ab82e0-25d4-11dd-91b9-0015c5678e1f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc42f18d-454a-11dd-80e9-0015c5678e1f}]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please post the OTMoveIt log.

[Solved] Re: Trojan.Zlob.G Problem POST 1

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for c:\windows\system32\TDSSqein.dll
c:\windows\system32\TDSSqein.dll NOT unregistered.
c:\windows\system32\TDSSqein.dll moved successfully.
c:\windows\gorupybif.lib moved successfully.
c:\windows\acijene.lib moved successfully.
c:\program files\Common Files\cydaqe.bat moved successfully.
LoadLibrary failed for c:\windows\system32\uhymezotoz.dll
c:\windows\system32\uhymezotoz.dll NOT unregistered.
c:\windows\system32\uhymezotoz.dll moved successfully.
c:\windows\system32\femuhovo._sy moved successfully.
c:\windows\system32\etycerupus.inf moved successfully.
c:\program files\Common Files\ofedyxal.vbs moved successfully.
c:\program files\Common Files\rafaxo.com moved successfully.
c:\windows\exuqyr.com moved successfully.
c:\windows\akyruxiju.inf moved successfully.
LoadLibrary failed for c:\windows\system32\cisygo.dll
c:\windows\system32\cisygo.dll NOT unregistered.
c:\windows\system32\cisygo.dll moved successfully.
c:\windows\gasov.dat moved successfully.
c:\windows\nicaduz.sys moved successfully.
c:\documents and settings\Deb\Application Data\oxon.sys moved successfully.
c:\documents and settings\All Users\Application Data\lugihufo.sys moved successfully.
c:\windows\ubizyxawe.scr moved successfully.
c:\windows\jezakugys.pif moved successfully.
c:\program files\Common Files\mija.sys moved successfully.
c:\program files\Common Files\cypuxac.dl moved successfully.
c:\program files\Common Files\edovorycil.lib moved successfully.
c:\program files\Common Files\jocela.db moved successfully.
c:\program files\Common Files\ycegax._dl moved successfully.
c:\program files\Common Files\uwymekos.db moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\ForceClassicControlPanel not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ab82e0-25d4-11dd-91b9-0015c5678e1f}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc42f18d-454a-11dd-80e9-0015c5678e1f}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Deb\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Deb\LOCALS~1\Temp\~DF5824.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Deb\LOCALS~1\Temp\~DFDBDD.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_161911

Files moved on Reboot...
C:\DOCUME~1\Deb\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\Deb\LOCALS~1\Temp\~DF5824.tmp not found!
File C:\DOCUME~1\Deb\LOCALS~1\Temp\~DFDBDD.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
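To confirm that the Results window accounts for every path listed under `:files` in the script above, here is an added Python cross-check (not part of the thread and not OTMoveIt3's own code); the script and log text embedded in it are constructed in the shape shown in the two posts above, and the `verify` function name is my own.

```python
import re

# Constructed sample in the shape of the OTMoveIt3 script posted above.
SCRIPT = r""":processes
explorer.exe

:files
c:\windows\system32\TDSSqein.dll
c:\windows\gorupybif.lib
c:\program files\Common Files\cydaqe.bat

:commands
[reboot]
"""

# Constructed sample in the shape of the Results window; one path is deliberately
# reported as "not found" so the check has something to flag.
LOG = r"""========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for c:\windows\system32\TDSSqein.dll
c:\windows\system32\TDSSqein.dll NOT unregistered.
c:\windows\system32\TDSSqein.dll moved successfully.
c:\windows\gorupybif.lib moved successfully.
File c:\program files\Common Files\cydaqe.bat not found!
"""

def parse_files_section(script: str) -> list[str]:
    """Return the paths listed under ':files' in an OTMoveIt3 script."""
    paths, in_files = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):          # section header such as :files or :reg
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths

def parse_results(log: str) -> dict[str, str]:
    """Map each path named in the Results log (lower-cased) to its final status."""
    patterns = [
        (r"(.+?) moved successfully\.", "moved"),
        (r"File (.+?) not found!", "not found"),
        (r"File move failed\. (.+?) scheduled to be moved on reboot\.", "pending reboot"),
    ]
    status = {}
    for line in (l.strip() for l in log.splitlines()):
        for pattern, label in patterns:
            m = re.fullmatch(pattern, line, re.IGNORECASE)
            if m:
                status[m.group(1).lower()] = label
                break
    return status

def verify(script: str, log: str) -> list[str]:
    """Return ':files' paths that the log does not report as moved."""
    status = parse_results(log)
    return [p for p in parse_files_section(script) if status.get(p.lower()) != "moved"]
```

Any path returned by `verify` still needs attention in the next reply (re-run, or a reboot if the log says the move is pending).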

[Solved] Re: Trojan.Zlob.G Problem POST 1

Looks good, what problems remain?

[Solved] Re: Trojan.Zlob.G Problem POST 1

It's perfect now. Thanks a lot!!!

[Solved] Re: Trojan.Zlob.G Problem POST 1

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions.
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

[Solved] Re: Trojan.Zlob.G Problem POST 1

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.
