Computer Virus (combofix Log & Hijackthis Log Included)[INACTIVE]



My computer has recently caught a virus. I'm not quite sure how (although letting my little brother play and download files without restrictions may have something to do with it). In any case, I'm not sure to what extent the computer is infected, but when I started to do some work on it I found it with a "hazard" wallpaper on the screen, all the icons on my desktop selected simultaneously, and whenever I need to browse the web, avast detects viruses, bombarding me with messages that don't stop even now as I'm writing this post. These are the names of the infected files as shown by avast, which it can't remove itself:

C:\DocumentsandSettings\USERNAME\LocalSettings\Temp\ac82t2\m

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\main-installer

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\msmdev.dll

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\nsduo.dll

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\rmv.exe

Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:17:28 PM, on 10/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\pfi\AdAwarefi\aawservice.exe

D:\Avastfi\aswUpdSv.exe

D:\Avastfi\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\a-squaredfi\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

D:\Avastfi\ashMaiSv.exe

D:\Avastfi\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\program files\support.com\client\bin\tgcmd.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Avastfi\ashDisp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

D:\pfi\PG2fi\PeerGuardian2\pg2.exe

C:\WINDOWS\explorer.exe

D:\FIREFO~1\FIREFOX.EXE

D:\pfi\Hijackthisfi\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\pfi\SpyBotfi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avast!] D:\Avastfi\ashDisp.exe

O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe

O4 - HKLM\..\Run: [spySweeper] "D:\SpySweeper\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [hqnyngzy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hqnyngzy.dll"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZINIOD~2.EXE /hide

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1616857178-868086227-519551471-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Charlie')

O4 - HKUS\S-1-5-21-1616857178-868086227-519551471-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Charlie')

O4 - HKUS\S-1-5-21-1616857178-868086227-519551471-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Charlie')

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = D:\MOxp\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MOxp\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112054684937

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC122E3-FB03-4F71-BC6D-15EE27DB6307}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{B821443B-D772-4392-A6BF-28E93BD36F8D}: NameServer = 85.255.115.99,85.255.112.90

O17 - HKLM\System\CCS\Services\Tcpip\..\{E81F8FAA-3870-4552-889C-58ACA6128947}: NameServer = 85.255.115.99,85.255.112.90

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O21 - SSODL: hostctrl - {DFA49579-2F21-4B21-A2A3-1B1D8262477B} - C:\WINDOWS\hostctrl.dll

O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)

O21 - SSODL: msmhost - {CBA7093B-A31A-4A4B-AA8F-DD33DED46BFB} - C:\WINDOWS\msmhost.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squaredfi\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\pfi\AdAwarefi\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avastfi\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Avastfi\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avastfi\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avastfi\ashWebSv.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 11745 bytes

I haven't lost any data from the computer yet, since I can still access it. However, having the computer infected is a problem, especially since I can't surf the web as I normally would. Can anyone offer some advice as to how I should proceed? I was thinking of reinstalling Windows, but unfortunately my PC didn't come with recovery discs; instead it has the OS in a certain partition that I'm not quite sure how to access. Help solving the virus problem would be appreciated. Thanks in advance.

Edited by intocomputing2
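A first-pass triage of HijackThis output like the log in this post, as an added example that is not part of the thread or of HijackThis itself. The rules (O2/O3/O21 objects with no friendly name, a missing file, or a DLL sitting directly in C:\WINDOWS; O4 Run entries that invoke regsvr32; O17 adapter resolvers that disagree with the global Tcpip\Parameters key) are my own assumptions for a second look, not detections, and the sample lines are copied from the log above.

```python
"""Heuristic triage of HijackThis 'Oxx' lines (added example; rules are assumptions)."""
import re

# Lines copied from the HijackThis log posted in this thread, trimmed to the
# sections the heuristics below look at.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKLM\..\Run: [avast!] D:\Avastfi\ashDisp.exe
O4 - HKLM\..\Run: [hqnyngzy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hqnyngzy.dll"
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC122E3-FB03-4F71-BC6D-15EE27DB6307}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B821443B-D772-4392-A6BF-28E93BD36F8D}: NameServer = 85.255.115.99,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: hostctrl - {DFA49579-2F21-4B21-A2A3-1B1D8262477B} - C:\WINDOWS\hostctrl.dll
O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# O2 (BHO), O3 (toolbar) and O21 (SSODL) share the "name - {CLSID} - path" shape.
COM_RE = re.compile(
    r"^(?:BHO|Toolbar|SSODL): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^(?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>[\d.,]+)$")
# A DLL placed straight in the Windows directory rather than under Program Files.
WINDIR_DLL_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)


def parse(log_text):
    """Yield (code, body) for every 'Oxx - ...' line; other lines are ignored."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def check_com_object(body):
    """Return a reason string for an O2/O3/O21 entry worth a second look, else None.
    '(no name)' alone is a weak signal: the thread's own Spybot SDHelper.dll entry
    has no name either, so every hit here is a prompt to verify, not a verdict."""
    m = COM_RE.match(body)
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    if name == "(no name)":
        return "COM object registered without a friendly name"
    if path.endswith("(file missing)") or path == "(no file)":
        return "registration points at a file that is not on disk"
    if WINDIR_DLL_RE.match(path):
        return "DLL loaded straight from the Windows directory"
    return None


def check_run_entry(body):
    """Flag O4 Run entries whose command is regsvr32; normal software does not
    need to (un)register a DLL at every logon."""
    m = RUN_RE.match(body)
    if m and "regsvr32" in m.group("cmd").lower():
        return "autostart entry runs regsvr32 at logon"
    return None


def check_nameservers(entries):
    """entries: list of (registry key, set of resolver IPs). The global
    Tcpip\\Parameters keys are taken as the baseline (an assumption); any
    adapter whose resolvers fall outside that baseline is reported."""
    baseline = set()
    for key, servers in entries:
        if key.endswith("\\Parameters"):
            baseline |= servers
    return [(key, "adapter resolvers differ from the global Tcpip\\Parameters setting")
            for key, servers in entries if baseline and not servers <= baseline]


def triage(log_text):
    """Return a list of (code, reason, detail) findings for the given log text."""
    findings, dns_entries = [], []
    for code, body in parse(log_text):
        reason = None
        if code in ("O2", "O3", "O21"):
            reason = check_com_object(body)
        elif code == "O4":
            reason = check_run_entry(body)
        elif code == "O17":
            m = DNS_RE.match(body)
            if m:
                dns_entries.append((m.group("key"), set(m.group("servers").split(","))))
        if reason:
            findings.append((code, reason, body))
    for key, reason in check_nameservers(dns_entries):
        findings.append(("O17", reason, key))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {detail}")
```

On the sample above the Adobe, Java and avast! entries pass, while the two C:\WINDOWS BHO/toolbar DLLs, the unnamed BHO, both SSODL entries, the regsvr32 Run entry and the adapter pointing at 85.255.x.x resolvers are reported for follow-up.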

Hi intocomputing2, and welcome to BestTechie! I'm Ryan, and I'll be helping you with your computer.

OK, since you have avast!, let's make sure it is updated, then use it to run a boot-time scan.

== Update avast! ==

Right-click on the a icon in the taskbar and select Updating, then select Program.

Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.

== Schedule a Boot-Time Scan ==

After you have updated avast!, right-click the a icon in the taskbar and click Start Avast! AntiVirus.

After this, you will need to Schedule a Boot-Time Scan with avast!. While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.

  • Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
    Next, choose:
    • Scan all local disks
    • scan archive files

Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes.

Your computer will then restart, and avast! will perform the scan prior to Windows loading.

IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.

== Request logs ==

Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:

  • Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)

-Ryan


Avast's log:

10/21/2007 02:19

Scan of all local drives

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP801\A0578398.exe is infected by Win32:Zlob-ABA [Trj], Deleted

File C:\WINDOWS\nsduo.dll is infected by Win32:Trojan-gen {Other}, Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP800\A0578282.exe is infected by Win32:Agent-KKD [Trj], Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP800\A0578283.exe is infected by Win32:Agent-KKD [Trj], Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP811\A0579362.exe is infected by Win32:Agent-KKD [Trj], Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP811\A0579363.exe is infected by Win32:Agent-KKD [Trj], Deleted

Number of searched folders: 7314

Number of tested files: 102205

Number of infected files: 6

----------------------------------------

10/26/2007 21:13

Scan of all local drives

File C:\Documents and Settings\Uno\Local Settings\Temp\NeroDemo11237\Cab\D7907462.cab\backitup\it-NBLinux.mo Error 42125 {ZIP archive is corrupted.}

File C:\Program Files\Online Services\AT&T Worldnet Setup\fscommand\wnsonyv.exe\Wise0024.bin Error 42146 {Installer archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\AppendixA.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\AppendixB.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\Chapter05.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\Chapter10.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\Chapter11.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\SamplePgms2005\CsExamples\Cs13c\Cs13c.cpp Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP860\A0617621.dll is infected by Win32:Trojan-gen {Other}, Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618790.dll is infected by Win32:Trojan-gen {Other}, Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618791.dll is infected by Win32:Agent-LTS [Trj], Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618799.dll is infected by Win32:Agent-LTS [Trj], Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618800.dll is infected by Win32:Trojan-gen {Other}, Moved to chest

File D:\Unused icons\AOL Instant Messenger\AIM.exe\%MAINDIR%\MiniBugTransporter.EXE\Wise0008.bin\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest

File D:\Unused icons\AOL Instant Messenger\AIM.exe\%MAINDIR%\MiniBugTransporter.EXE\Wise0008.bin is infected by Win32:Adware-gen [Adw], Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}

Number of searched folders: 7318

Number of tested files: 293065

Number of infected files: 7

Uninstall list:

3D Groove Playback Engine

AC3Filter (remove only)

Ad-Aware 2007

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.0

Adobe Reader Japanese Fonts

Adobe Shockwave Player

Advanced Media Extension v1.5

Age of Empires II

Agere Systems AC'97 Modem

Art Explosion Publisher Pro Silver Edition

a-squared Free 2.0

AT&T Worldnet Setup

ATI Control Panel

ATI Display Driver

avast! Antivirus

BitTorrent 4.0.1

Borland C++ 5.02

Canon MP Drivers

Canon MP Toolbox 4.1

CCleaner (remove only)

Click to DVD 1.3

Crimson Editor (remove only)

Dell Photo Printer 720

DivX

DivX Content Uploader

DivX Player

DivX Web Player

Drag'n Drop CD+DVD

Drift City

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVgate Plus

FLV Player 1.3.3

HandyBits File Shredder

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

ijji - Gunz

ijji Auto Installer

ImgBurn (Remove Only)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

J2SE Runtime Environment 5.0 Update 6

jetAudio

Joost 0.10.9

Learn2 Player (Uninstall Only)

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

MagChat 1.0.9

Memory Stick Formatter

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internet Print Services

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Outlook MUI (Spanish) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Office XP Standard for Students and Teachers

Microsoft Reader

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Works 7.0

MoodLogic

Mozilla Firefox (2.0.0.8)

MSN Music Assistant

Music Visualizer Library 1.4.00

NoteTab Light (Remove only)

NVIDIA Windows 2000/XP Display Drivers

OpenMG Limited Patch 3.2-03-02-21-08

OpenMG Limited Patch 3.2-03-03-18-01

OpenMG Limited Patch 3.2-03-04-14-02

OpenMG Secure Module 3.2

PC Inspector File Recovery

PeerGuardian 2.0

PictureGear Studio 2.0

PowerDVD

Quicken 2003 New User Edition

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Shareaza version 2.2.1.0

Shockwave

SonicStage 1.6.00

Sony Certificate PCH

Sony Digital Voice Editor 2

Sony Video Shared Library

Spybot - Search & Destroy 1.4

Trillian

Turbo Tax Offer

Unreal Tournament 2004 Demo

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

VAIO BrightColor Wallpaper

VAIO Help and Support

VAIO Media 2.6

VAIO Media Integrated Server 2.6

VAIO Media Redistribution 2.6

VAIO Registration

VAIO Support

VAIO Survey Standalone

VAIO System Information

VideoLAN VLC media player 0.8.6

Viewpoint Media Player

Vodei Multimedia Processor 2.10

WebVideo Support

Welcome to VAIO life

Winamp (remove only)

WinAVIVideoConverter

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Media Player 9 Hotfix [see KB885492 for more information]

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Yahoo! Messenger

Zinio Reader

Edited by intocomputing2

Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

-Ryan


ComboFix log:

ComboFix 07-10-23.2 - Uno 2007-10-27 2:05:33.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -4:00]

Running from: C:\Documents and Settings\Uno\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data.\hqnyngzy.dll

C:\Program Files\VideoAccessCodec

C:\Program Files\VideoAccessCodec\install.ico

C:\Program Files\VideoAccessCodec\Uninstall.exe

C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx

C:\WINDOWS\dat.txt

C:\WINDOWS\hostctrl.dll

C:\WINDOWS\msmhost.dll

C:\WINDOWS\nmcuninstall.exe

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

C:\WINDOWS\search_res.txt

C:\WINDOWS\system32\{19FF1183-B106-4143-A3CD-9A45CFE213E6}.exe

C:\WINDOWS\system32\{37593053-D1CE-4077-8424-C98B25C5EDBD}.exe

C:\WINDOWS\system32\{49729B8C-852C-4157-90C6-78688BDC8BA8}.exe

C:\WINDOWS\system32\{EBF93E07-CB03-4A99-9A30-5163BF161524}.exe

C:\WINDOWS\system32\{F7428278-81A8-41B2-8B82-50193F8857C9}.exe

C:\WINDOWS\system32\{F79279E6-4A43-4BA9-9265-64FFB7ACBBDD}.exe

C:\WINDOWS\system32\{FC3C55AC-7917-4E94-B88D-4ADD9AC65426}.exe

.

((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))

.

2007-10-27 02:04 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-21 00:55 <DIR> d-------- C:\Program Files\vlkavjuf

2007-10-21 00:48 278,528 --a------ C:\WINDOWS\ntspkfxt.dll

2007-10-21 00:48 81,920 --a------ C:\WINDOWS\htunistock.dll

2007-10-19 17:20 <DIR> d-------- C:\Documents and Settings\Uno\Application Data\PowerChallenge

2007-10-11 20:39 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\PowerChallenge

2007-10-10 01:27 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-10-01 00:43 <DIR> d-------- C:\Documents and Settings\Uno\Application Data\Yahoo!

2007-09-29 21:42 <DIR> d---s---- C:\Documents and Settings\Charlie\UserData

2007-09-29 17:40 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\Yahoo!

2007-09-27 18:57 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\U3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-25 16:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 16:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 16:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 16:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 15:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-24 06:13 --------- d-----w C:\Documents and Settings\Uno\Application Data\uTorrent

2007-10-08 05:54 --------- d-----w C:\Program Files\Yahoo!

2007-09-27 22:56 --------- d-----w C:\Documents and Settings\Uno\Application Data\U3

2007-09-20 04:47 --------- d-----w C:\Program Files\Joost

2007-09-15 22:03 --------- d-----w C:\Program Files\Gpotato

2007-09-14 02:10 --------- d-----w C:\Documents and Settings\Charlie\Application Data\vlc

2007-09-13 01:17 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Viewpoint

2007-09-12 20:16 --------- d--h--w C:\Documents and Settings\Charlie\Application Data\ijjigame

2007-09-12 20:08 --------- d-----w C:\Documents and Settings\Charlie\Application Data\NHN Corporation

2007-09-12 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-09-12 20:02 --------- d-----w C:\Program Files\NHN USA

2007-09-10 16:36 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Talkback

2007-09-07 04:10 --------- d-----w C:\Documents and Settings\Uno\Application Data\Nova Development

2007-09-07 03:57 --------- d-----w C:\Program Files\Common Files\Nova Development

2007-09-07 03:57 --------- d-----w C:\Program Files\Common Files\Crystal Decisions

2007-09-07 03:49 --------- d-----w C:\Program Files\Nova Development

2007-02-02 03:01 2,599,088 ----a-w C:\Program Files\Shockwave_Installer_Slim(3).exe

2006-12-29 04:30 528,315,413 ----a-w C:\Program Files\USAFlyff_6thSetup.exe

2006-12-04 02:34 317,248 ----a-w C:\Program Files\dxwebsetup.exe

2006-09-28 16:56 36,232 ----a-w C:\Documents and Settings\Uno\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A3B35B-DFD7-6AA7-4166-03ED08EB8586}]

2007-10-21 00:55 110592 --a------ C:\Program Files\vlkavjuf\ejvjuavk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}"= C:\WINDOWS\htunistock.dll [2007-10-20 10:32 81920]

[HKEY_CLASSES_ROOT\CLSID\{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}]

[HKEY_CLASSES_ROOT\htunistock.ToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}]

[HKEY_CLASSES_ROOT\htunistock.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-16 14:22]

"nwiz"="nwiz.exe" [2003-07-16 14:22 C:\WINDOWS\system32\nwiz.exe]

"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2003-04-17 20:51]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]

"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 16:01]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]

"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 15:59 C:\WINDOWS\AGRSMMSG.exe]

"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]

"ATIModeChange"="Ati2mdxx.exe" []

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

"avast!"="D:\Avastfi\ashDisp.exe" [2007-10-25 11:20]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-03-17 14:52]

"SpySweeper"="D:\SpySweeper\Spy Sweeper\SpySweeper.exe" []

"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"NWEReboot"="" []

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"Zinio DLM"="C:\PROGRA~1\Zinio\ZINIOD~2.exe" [2005-03-15 14:53]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" []

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"hstsys"= {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll [ ]

S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys

S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command - G:\LaunchU3.exe -a

.

**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-27 02:13:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\win.old 696 bytes

C:\WINDOWS\Windows Update.log 280 bytes

C:\WINDOWS\WindowsShell.Manifest 749 bytes

C:\WINDOWS\WindowsUpdate.log 1664373 bytes

C:\WINDOWS\windowsxp-kb823559-x86-enu.exe 384288 bytes executable

C:\WINDOWS\windowsxp-kb823980-x86-enu.exe 1291040 bytes executable

C:\WINDOWS\winhelp.exe 256192 bytes

C:\WINDOWS\WINHELP.INI 874 bytes

C:\WINDOWS\winhlp32.exe 283648 bytes executable

C:\WINDOWS\wininit.ini 473 bytes

C:\WINDOWS\winnt.bmp 48680 bytes

C:\WINDOWS\winnt256.bmp 48680 bytes

C:\WINDOWS\WinSxS

C:\WINDOWS\WMFDist11.log 29592 bytes

C:\WINDOWS\wmp11.log 17540 bytes

C:\WINDOWS\wmsetup.log 373252 bytes

C:\WINDOWS\wmsetup10.log 2026 bytes

C:\WINDOWS\WMSysPr9.prx 316640 bytes

C:\WINDOWS\WMSysPrx.prx 299552 bytes

C:\WINDOWS\WRServices.dll 424960 bytes executable

C:\WINDOWS\WRUninstall.dll 478720 bytes executable

C:\WINDOWS\Wudf01000Inst.log 10891 bytes

C:\WINDOWS\xpsp1hfm.log 13320 bytes

C:\WINDOWS\yacs.log 1995 bytes

C:\WINDOWS\Zapotec.bmp 9522 bytes

C:\WINDOWS\_default.pif 707 bytes

scan completed successfully

hidden files: 26

**************************************************************************

.

Completion time: 2007-10-27 2:15:07 - machine was rebooted

.

--- E O F ---

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:19:43 AM, on 10/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\pfi\AdAwarefi\aawservice.exe

D:\Avastfi\aswUpdSv.exe

D:\Avastfi\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

D:\a-squaredfi\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\program files\support.com\client\bin\tgcmd.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Avastfi\ashDisp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Zinio\ZINIOD~2.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\Avastfi\ashMaiSv.exe

D:\Avastfi\ashWebSv.exe

D:\FireFoxfi\firefox.exe

D:\pfi\Hijackthisfi\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\pfi\SpyBotfi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avast!] D:\Avastfi\ashDisp.exe

O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe

O4 - HKLM\..\Run: [spySweeper] "D:\SpySweeper\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZINIOD~2.EXE /hide

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = D:\MOxp\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MOxp\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112054684937

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC122E3-FB03-4F71-BC6D-15EE27DB6307}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{B821443B-D772-4392-A6BF-28E93BD36F8D}: NameServer = 85.255.115.99,85.255.112.90

O17 - HKLM\System\CCS\Services\Tcpip\..\{E81F8FAA-3870-4552-889C-58ACA6128947}: NameServer = 85.255.115.99,85.255.112.90

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squaredfi\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\pfi\AdAwarefi\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avastfi\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Avastfi\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avastfi\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avastfi\ashWebSv.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 10721 bytes

Edited by intocomputing2

Sorry for the delay in replying; had a few real life projects I needed to get finished for today.

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please save this report to your desktop.

Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Please download FixWareout from here:

http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install; make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt), the smitfraudfix report that you saved earlier and a new Hijackthis log.

-Ryan


OK, thanks for the reply. I'll proceed to follow your recommendations, murphy....

On a side note, the virus messages have suddenly stopped; I think it was after running ComboFix. However, autoplay for certain things (such as when you insert a CD or a DVD) has stopped as well, though I'm still able to play them.

Edited by intocomputing2

Fixwareout log:

Username "Uno" - 11/01/2007 22:43:21 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B821443B-D772-4392-A6BF-28E93BD36F8D}

"nameserver"="85.255.115.99,85.255.112.90" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E81F8FAA-3870-4552-889C-58ACA6128947}

"nameserver"="85.255.115.99,85.255.112.90" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B821443B-D772-4392-A6BF-28E93BD36F8D}

"DhcpNameServer"="85.255.115.99,85.255.112.90" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E81F8FAA-3870-4552-889C-58ACA6128947}

"DhcpNameServer"="85.255.115.99,85.255.112.90" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "ttasc" Value deleted

HKCR\CLSID\{B7AC9CB0-3FEE-4629-97B2-BEA4E2B69958}\_h\4 Deleted.

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /installquiet"

"CreateCD_Reminder"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe"

"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"

"ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

"AGRSMMSG"="AGRSMMSG.exe"

"VAIO Recovery"="C:\\Windows\\Sonysys\\VAIO Recovery\\PartSeal.exe"

"ATIModeChange"="Ati2mdxx.exe"

"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\

6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

"avast!"="D:\\Avastfi\\ashDisp.exe"

"VAIOSurvey"="c:\\program files\\sony\\vaio survey\\surveysa.exe"

"SpySweeper"="\"D:\\SpySweeper\\Spy Sweeper\\SpySweeper.exe\" /startintray"

"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"NWEReboot"=""

"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"Zinio DLM"="C:\\PROGRA~1\\Zinio\\ZINIOD~2.EXE /hide"

"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"Update Service"="\"C:\\Program Files\\Common Files\\Teknum Systems\\update.exe\" /startup"

"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:34 PM, on 11/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\pfi\AdAwarefi\aawservice.exe

D:\Avastfi\aswUpdSv.exe

D:\Avastfi\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

D:\a-squaredfi\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

D:\Avastfi\ashMaiSv.exe

D:\Avastfi\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\program files\support.com\client\bin\tgcmd.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Avastfi\ashDisp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

D:\FIREFO~1\FIREFOX.EXE

D:\pfi\Hijackthisfi\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\pfi\SpyBotfi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avast!] D:\Avastfi\ashDisp.exe

O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe

O4 - HKLM\..\Run: [spySweeper] "D:\SpySweeper\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZINIOD~2.EXE /hide

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = D:\MOxp\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MOxp\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112054684937

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC122E3-FB03-4F71-BC6D-15EE27DB6307}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squaredfi\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\pfi\AdAwarefi\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avastfi\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Avastfi\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avastfi\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avastfi\ashWebSv.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 10477 bytes

Edited by intocomputing2

ComboFix Log:

ComboFix 07-10-23.2 - Uno 2007-11-03 13:07:38.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -4:00]

Running from: C:\Documents and Settings\Uno\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))

.

2007-11-01 18:22 <DIR> d-------- C:\Program Files\Gpotato

2007-10-27 02:04 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-21 00:55 <DIR> d-------- C:\Program Files\vlkavjuf

2007-10-21 00:48 278,528 --a------ C:\WINDOWS\ntspkfxt.dll

2007-10-21 00:48 81,920 --a------ C:\WINDOWS\htunistock.dll

2007-10-19 17:20 <DIR> d-------- C:\Documents and Settings\Uno\Application Data\PowerChallenge

2007-10-11 20:39 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\PowerChallenge

2007-10-10 01:27 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-03 07:47 --------- d-----w C:\Documents and Settings\Uno\Application Data\uTorrent

2007-11-01 22:25 --------- d-----w C:\Program Files\Microsoft Games

2007-11-01 07:56 --------- d-----w C:\Program Files\uTorrent

2007-10-25 16:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 16:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 16:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 16:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 15:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-25 15:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-10-25 15:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-10-11 20:54 --------- d-----w C:\Documents and Settings\Uno\Application Data\Yahoo!

2007-10-08 05:54 --------- d-----w C:\Program Files\Yahoo!

2007-09-30 01:42 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Yahoo!

2007-09-27 23:02 --------- d-----w C:\Documents and Settings\Charlie\Application Data\U3

2007-09-27 22:56 --------- d-----w C:\Documents and Settings\Uno\Application Data\U3

2007-09-20 04:47 --------- d-----w C:\Program Files\Joost

2007-09-14 02:10 --------- d-----w C:\Documents and Settings\Charlie\Application Data\vlc

2007-09-13 01:17 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Viewpoint

2007-09-12 20:16 --------- d--h--w C:\Documents and Settings\Charlie\Application Data\ijjigame

2007-09-12 20:08 --------- d-----w C:\Documents and Settings\Charlie\Application Data\NHN Corporation

2007-09-12 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-09-12 20:02 --------- d-----w C:\Program Files\NHN USA

2007-09-10 16:36 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Talkback

2007-09-10 15:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe

2007-09-07 04:10 --------- d-----w C:\Documents and Settings\Uno\Application Data\Nova Development

2007-09-07 03:57 --------- d-----w C:\Program Files\Common Files\Nova Development

2007-09-07 03:57 --------- d-----w C:\Program Files\Common Files\Crystal Decisions

2007-09-07 03:49 --------- d-----w C:\Program Files\Nova Development

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-02-02 03:01 2,599,088 ----a-w C:\Program Files\Shockwave_Installer_Slim(3).exe

2006-12-04 02:34 317,248 ----a-w C:\Program Files\dxwebsetup.exe

2006-09-28 16:56 36,232 ----a-w C:\Documents and Settings\Uno\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( snapshot@2007-10-27_ 2.14.24.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-02 16:07:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4d0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A3B35B-DFD7-6AA7-4166-03ED08EB8586}]

2007-10-21 00:55 110592 --a------ C:\Program Files\vlkavjuf\ejvjuavk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}"= C:\WINDOWS\htunistock.dll [2007-10-20 10:32 81920]

[HKEY_CLASSES_ROOT\CLSID\{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}]

[HKEY_CLASSES_ROOT\htunistock.ToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}]

[HKEY_CLASSES_ROOT\htunistock.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-16 14:22]

"nwiz"="nwiz.exe" [2003-07-16 14:22 C:\WINDOWS\system32\nwiz.exe]

"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2003-04-17 20:51]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]

"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 16:01]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]

"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 15:59 C:\WINDOWS\AGRSMMSG.exe]

"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]

"ATIModeChange"="Ati2mdxx.exe" []

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

"avast!"="D:\Avastfi\ashDisp.exe" [2007-10-25 11:20]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-03-17 14:52]

"SpySweeper"="D:\SpySweeper\Spy Sweeper\SpySweeper.exe" []

"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"NWEReboot"="" []

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"Zinio DLM"="C:\PROGRA~1\Zinio\ZINIOD~2.exe" [2005-03-15 14:53]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" []

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"hstsys"= {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll [ ]

S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys

S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command - G:\LaunchU3.exe -a

.

**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-03 13:09:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\win.old 696 bytes

C:\WINDOWS\Windows Update.log 280 bytes

C:\WINDOWS\WindowsShell.Manifest 749 bytes

C:\WINDOWS\WindowsUpdate.log 1949698 bytes

C:\WINDOWS\windowsxp-kb823559-x86-enu.exe 384288 bytes executable

C:\WINDOWS\windowsxp-kb823980-x86-enu.exe 1291040 bytes executable

C:\WINDOWS\winhelp.exe 256192 bytes

C:\WINDOWS\WINHELP.INI 874 bytes

C:\WINDOWS\winhlp32.exe 283648 bytes executable

C:\WINDOWS\wininit.ini 473 bytes

C:\WINDOWS\winnt.bmp 48680 bytes

C:\WINDOWS\winnt256.bmp 48680 bytes

C:\WINDOWS\WinSxS

C:\WINDOWS\WMFDist11.log 29592 bytes

C:\WINDOWS\wmp11.log 17540 bytes

C:\WINDOWS\wmsetup.log 376879 bytes

C:\WINDOWS\wmsetup10.log 2026 bytes

C:\WINDOWS\WMSysPr9.prx 316640 bytes

C:\WINDOWS\WMSysPrx.prx 299552 bytes

C:\WINDOWS\WRServices.dll 424960 bytes executable

C:\WINDOWS\WRUninstall.dll 478720 bytes executable

C:\WINDOWS\Wudf01000Inst.log 10891 bytes

C:\WINDOWS\xpsp1hfm.log 13320 bytes

C:\WINDOWS\yacs.log 1995 bytes

C:\WINDOWS\Zapotec.bmp 9522 bytes

C:\WINDOWS\_default.pif 707 bytes

IPC error: 2 The system cannot find the file specified.

scan completed successfully

hidden files: 26

**************************************************************************

.

Completion time: 2007-11-03 13:10:41

C:\ComboFix2.txt ... 2007-10-27 02:15

.

--- E O F ---

Hijackthis Uninstall list:

3D Groove Playback Engine

AC3Filter (remove only)

Ad-Aware 2007

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.0

Adobe Reader Japanese Fonts

Adobe Shockwave Player

Age of Empires II

Agere Systems AC'97 Modem

Art Explosion Publisher Pro Silver Edition

a-squared Free 2.0

AT&T Worldnet Setup

ATI Control Panel

ATI Display Driver

avast! Antivirus

BitTorrent 4.0.1

Borland C++ 5.02

Canon MP Drivers

Canon MP Toolbox 4.1

CCleaner (remove only)

Click to DVD 1.3

Crimson Editor (remove only)

Dell Photo Printer 720

DivX

DivX Content Uploader

DivX Player

DivX Web Player

Drag'n Drop CD+DVD

Drift City

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVgate Plus

FLV Player 1.3.3

HandyBits File Shredder

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

ijji - Gunz

ijji Auto Installer

ImgBurn (Remove Only)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

J2SE Runtime Environment 5.0 Update 6

jetAudio

Joost 0.10.9

Learn2 Player (Uninstall Only)

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

MagChat 1.0.9

Memory Stick Formatter

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internet Print Services

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Outlook MUI (Spanish) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Office XP Standard for Students and Teachers

Microsoft Reader

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Works 7.0

MoodLogic

Mozilla Firefox (2.0.0.9)

MSN Music Assistant

Music Visualizer Library 1.4.00

NoteTab Light (Remove only)

NVIDIA Windows 2000/XP Display Drivers

OpenMG Limited Patch 3.2-03-02-21-08

OpenMG Limited Patch 3.2-03-03-18-01

OpenMG Limited Patch 3.2-03-04-14-02

OpenMG Secure Module 3.2

PC Inspector File Recovery

PeerGuardian 2.0

PictureGear Studio 2.0

PowerDVD

Quicken 2003 New User Edition

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Shareaza version 2.2.1.0

Shockwave

SonicStage 1.6.00

Sony Certificate PCH

Sony Digital Voice Editor 2

Sony Video Shared Library

Spybot - Search & Destroy 1.4

Trillian

Turbo Tax Offer

Unreal Tournament 2004 Demo

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

VAIO BrightColor Wallpaper

VAIO Help and Support

VAIO Media 2.6

VAIO Media Integrated Server 2.6

VAIO Media Redistribution 2.6

VAIO Registration

VAIO Support

VAIO Survey Standalone

VAIO System Information

VideoLAN VLC media player 0.8.6

Viewpoint Media Player

Vodei Multimedia Processor 2.10

Welcome to VAIO life

Winamp (remove only)

WinAVIVideoConverter

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Media Player 9 Hotfix [see KB885492 for more information]

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Yahoo! Messenger

Zinio Reader

Edited by intocomputing2

Open HijackThis and scan. When it finishes, put an X in the box next to the following item(s):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll

O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close all open windows except for HijackThis and click Fix checked.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\htunistock.dll
C:\WINDOWS\hstsys.dll

Folder::
C:\Program Files\vlkavjuf\
C:\WINDOWS\privacy_danger\

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:

  • Combofix.txt
  • A new HijackThis log.

Also, do you have a flash drive, CD (or I'm pretty sure that it will fit on a floppy disk) that you could put smitfraudfix onto?

-Ryan
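
A small triage script for HijackThis log lines like the ones Ryan picked out above, written as an added example (not part of this thread, of HijackThis or of ComboFix): it parses each entry and reports the traits that made those lines stand out (a file that is missing, a DLL dropped straight into C:\WINDOWS, a BHO with no name, an Active Desktop component drawn from a local HTML file). The sample lines are constructed from the log posted in the thread plus two benign entries so the script has something to leave alone.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re

# One entry per line: "<kind> - <fields separated by ' - '>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<kind>[ROF]\d+) - (?P<body>.*)$")
STATUS_RE = re.compile(r"\s*\((?:no file|file missing)\)$")
WINDOWS_ROOT_DLL_RE = re.compile(r"(?i)^[a-z]:\\windows\\[^\\]+\.dll$")

# Constructed sample: five lines from the thread's log plus two benign entries (O4, O23).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avastfi\ashServ.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


def parse_entry(line):
    """Split an entry into (kind, fields); return None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), [f.strip() for f in m.group("body").split(" - ")]


def triage_line(line):
    """Return the reasons this entry deserves a look, or [] if nothing stands out."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    kind, fields = parsed
    last = fields[-1]
    path = STATUS_RE.sub("", last)  # drop a trailing "(no file)" / "(file missing)" marker
    reasons = []
    if STATUS_RE.search(last):
        reasons.append("registry points at a file that no longer exists (orphaned entry, or the file is hidden)")
    if kind in ("O2", "O3", "O21") and WINDOWS_ROOT_DLL_RE.match(path):
        reasons.append("DLL loaded from the Windows root rather than system32 or Program Files")
    if kind == "O2" and "(no name)" in fields[0]:
        reasons.append("BHO registered without a display name")
    if kind == "O24" and path.lower().startswith("file:///"):
        reasons.append("Active Desktop component drawn from a local HTML file (fake warning wallpaper pattern)")
    return reasons


def triage_log(text):
    """Map each flagged log line to its list of reasons; clean lines are omitted."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in reasons:
            print("   ->", r)
```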

This topic is now closed to further replies.