
Solved Virus alert!

Discussion in 'Malware and Virus Removal Archive' started by bombagirl, 2008/07/12.

  1. 2008/07/12
    bombagirl

    [Resolved] Virus alert!

    I have VIRUS ALERT! shown next to the clock in the taskbar. A security alert keeps popping up, and even websites pop up advertising some sort of spyware program. Scanned fully using AVG, including Ad-Aware, deleted cookies, but to no avail as it keeps popping up. Even the C: drive in My Computer disappeared.

    Ran Spybot and there were VistaAntivirus2008 + Smitfraud + others, and although I told it to remove them they reappeared in the next scan. Can someone help?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28: VIRUS ALERT!, on 7/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\DOCUME~1\Claudine\LOCALS~1\Temp\atmadm2.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Windows\SysF7.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cscript.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\Claudine\LOCALS~1\Temp\atmadm2.exe
    O4 - HKLM\..\Run: [20dcd316] rundll32.exe "C:\WINDOWS\system32\mjjudoiw.dll ",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211808469281
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: fsrpknov - {41C11FF4-731A-42F6-A143-621487D91F8E} - C:\WINDOWS\fsrpknov.dll
    O21 - SSODL: fdxbameg - {1D61A184-D129-4D7D-8E3E-E8CA9888B29B} - C:\WINDOWS\fdxbameg.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7372 bytes
     
    Last edited: 2008/07/12
  2. 2008/07/13
    bombagirl

    OK, cleaned the PC using Smitfraud, and when rebooted the AVG Resident Shield alert is telling me I have Trojan Horse Generic10 infections on some DLL files. When I clicked on REMOVE THREATS it told me this could affect the system. What can I do to get rid of them without harming the PC, please?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:07:49, on 7/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com.mt/mygo
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {53BD1957-73A4-4C51-A766-E8C984B2557E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {81961EE3-FAEA-44B8-9289-F8CB226650A1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {B364AADE-53FA-4779-8643-D833B8969F10} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E982B835-1DAA-42A5-9C26-DD91DD5BAA8C} - C:\WINDOWS\system32\pmnolLEW.dll
    O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\wvUoPgDU.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\Claudine\LOCALS~1\Temp\atmadm2.exe
    O4 - HKLM\..\Run: [20dcd316] rundll32.exe "C:\WINDOWS\system32\yatldgkp.dll ",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211808469281
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: wvUoPgDU - wvUoPgDU.dll (file missing)
    O21 - SSODL: fsrpknov - {41C11FF4-731A-42F6-A143-621487D91F8E} - C:\WINDOWS\fsrpknov.dll
    O21 - SSODL: fdxbameg - {1D61A184-D129-4D7D-8E3E-E8CA9888B29B} - C:\WINDOWS\fdxbameg.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 8212 bytes
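Added example (not part of the thread, and not a HijackThis feature): a short Python triage script that applies the indicators a helper reads off the two HijackThis logs above, so the lines worth a second look can be checked against what the logs actually show. The sample input is a subset of lines copied from those two logs; the scoring weights, the threshold, and the allowlisting of avgrsstx.dll (AVG 8's own AppInit_DLLs hook, present in both logs) are this example's assumptions, not anything stated by the posters or by the tool.

```python
"""Heuristic triage of HijackThis log lines.

Added example, not part of the thread. The weights, the threshold and the
KNOWN_GOOD allowlist are assumptions made for this example; the sample lines
are a subset of the two HijackThis logs posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: O2/O3/O4/O20/O21 lines copied from the two logs above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E982B835-1DAA-42A5-9C26-DD91DD5BAA8C} - C:\WINDOWS\system32\pmnolLEW.dll
O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\wvUoPgDU.dll (file missing)
O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\Claudine\LOCALS~1\Temp\atmadm2.exe
O4 - HKLM\..\Run: [20dcd316] rundll32.exe "C:\WINDOWS\system32\mjjudoiw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: wvUoPgDU - wvUoPgDU.dll (file missing)
O21 - SSODL: fsrpknov - {41C11FF4-731A-42F6-A143-621487D91F8E} - C:\WINDOWS\fsrpknov.dll
"""

# avgrsstx.dll is AVG 8's resident-shield hook and is the legitimate O20 AppInit_DLLs
# entry in the logs above; the allowlist only stops the 8-letter rule from flagging it
# (assumption for this example, not a general-purpose list).
KNOWN_GOOD = {"avgrsstx"}

VOWELS = set("aeiouAEIOU")
STEM_RE = re.compile(r"([A-Za-z0-9_~]+)\.(?:dll|exe)\b", re.IGNORECASE)
RUN_NAME_RE = re.compile(r"O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\]")


@dataclass
class Finding:
    line: str
    score: int
    reasons: List[str]


def looks_random(stem: str) -> bool:
    """The Vundo-style names in these logs are exactly 8 letters with either
    interior capitals (pmnolLEW, wvUoPgDU) or almost no vowels (sqvgnrpx, fsrpknov)."""
    if stem.lower() in KNOWN_GOOD or len(stem) != 8 or not stem.isalpha():
        return False
    interior_caps = any(c.isupper() for c in stem[1:])
    vowels = sum(c in VOWELS for c in stem)
    return interior_caps or vowels < 2


def analyze(line: str) -> Optional[Finding]:
    """Score one HijackThis line; returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    low = line.lower()
    reasons: List[str] = []
    score = 0

    def hit(reason: str, weight: int) -> None:
        nonlocal score
        reasons.append(reason)
        score += weight

    if "(file missing)" in low or "(no file)" in low:
        hit("orphaned load point, file already gone", 1)
    if "\\temp\\" in low:
        hit("autostart from a Temp directory", 2)
    m = RUN_NAME_RE.match(line)
    if m and re.fullmatch(r"[0-9a-f]{8}", m.group(1)):
        hit(f"hex-looking Run value name [{m.group(1)}]", 2)
    if low.startswith("o4") and "rundll32" in low and ".dll" in low:
        hit("rundll32 loading a DLL at logon", 1)
    if low.startswith("o2") and "(no name)" in low:
        hit("BHO with no name", 1)
    if low.startswith("o20 - winlogon notify") or low.startswith("o21 - ssodl"):
        hit("Winlogon Notify / SSODL hook (HijackThis hides the Windows defaults)", 1)
    for stem in STEM_RE.findall(line):
        if looks_random(stem):
            hit(f"random-looking file name {stem}", 2)
            break
    return Finding(line, score, reasons)


def triage(log_text: str, threshold: int = 2) -> List[Finding]:
    """Return the lines scoring at or above the threshold, highest score first."""
    findings = (analyze(l) for l in log_text.splitlines())
    hits = [f for f in findings if f is not None and f.score >= threshold]
    return sorted(hits, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run as-is it lists seven of the eleven sample lines, the two wvUoPgDU entries first. The O4 entry with the hex value name 20dcd316 and the Run key pointing into the user's Temp directory are caught by context alone, since mjjudoiw and atmadm2 do not look random under the name rule. The heuristics are tuned to what this thread shows and will miss other families; the allowlist is the only thing keeping avgrsstx.dll out of the output, which is why any such list has to be checked against the vendor's files rather than trusted.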
     

  4. 2008/07/13
    Geri
    Hi bombagirl
    Welcome back. :(

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click ComboFix.exe and follow the prompts.
    • Vista users: right-click ComboFix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
  5. 2008/07/14
    bombagirl

    ComboFix log:

    ComboFix 08-07-13.8 - Claudine 2008-07-14 8:45:26.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT 2:00]
    Running from: C:\Documents and Settings\Claudine\My Documents\downloads\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\3.exe
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\sex1.ico
    C:\Program Files\PCHealthCenter\sex2.ico
    C:\Program Files\VAV
    C:\Program Files\VAV\vav.cpl
    C:\Program Files\VAV\vav.ooo
    C:\WINDOWS\espk.exe
    C:\WINDOWS\fsrpknov.dll
    C:\WINDOWS\gpefaowr.exe
    C:\WINDOWS\system32\pkgdltay.ini
    C:\WINDOWS\system32\sbmkxmbu.ini
    C:\WINDOWS\system32\ubmxkmbs.dll
    C:\WINDOWS\system32\WELlonmp.ini
    C:\WINDOWS\system32\WELlonmp.ini2
    C:\WINDOWS\system32\wiodujjm.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
    .

    2008-07-13 13:42 . 2008-07-13 13:42 <DIR> d-------- C:\Program Files\Tavultesoft
    2008-07-13 13:42 . 2008-07-13 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tavultesoft
    2008-07-13 10:21 . 2008-07-13 10:21 3,160 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-13 10:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-07-13 10:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-07-13 10:20 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-07-13 10:20 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-07-13 10:20 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-07-13 10:20 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-07-13 10:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-07-13 10:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-07-13 10:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-07-12 23:28 . 2008-07-12 23:28 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-12 23:14 . 2008-07-12 23:29 505 --a------ C:\WINDOWS\wininit.ini
    2008-07-12 22:53 . 2008-07-12 22:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-12 22:53 . 2008-07-12 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-12 21:08 . 2008-07-12 21:08 322,816 --a------ C:\WINDOWS\system32\pmnolLEW.dll
    2008-07-12 21:06 . 2008-07-12 21:06 33,152 --a------ C:\WINDOWS\system32\urqQGywx.dll
    2008-07-12 21:06 . 2008-07-12 21:06 33,152 --a------ C:\WINDOWS\system32\nnnmnkhG.dll
    2008-07-12 21:03 . 2008-07-12 21:03 33,152 --a------ C:\WINDOWS\system32\jkkHApmj.dll
    2008-07-12 21:03 . 2008-07-12 21:03 33,152 --a------ C:\WINDOWS\system32\hgGxYSLC.dll
    2008-07-12 21:03 . 2008-07-11 15:51 30,208 --a------ C:\WINDOWS\SysF7.exe
    2008-07-12 21:02 . 2008-07-12 21:02 33,152 --a------ C:\WINDOWS\system32\ddcDULcB.dll
    2008-07-12 20:52 . 2008-07-12 20:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-11 17:06 . 2008-07-11 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-08 17:14 . 2008-07-08 17:14 244 --ah----- C:\sqmnoopt01.sqm
    2008-07-08 17:14 . 2008-07-08 17:14 232 --ah----- C:\sqmdata01.sqm
    2008-07-08 17:14 . 2008-07-08 17:14 136 --ah----- C:\sqmdata02.sqm
    2008-07-06 15:56 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-07-06 15:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-07-06 15:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-07-06 15:56 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-07-05 20:00 . 2008-07-05 20:00 <DIR> d-------- C:\Documents and Settings\Claudine\Application Data\Apple Computer
    2008-07-04 20:07 . 2008-07-04 20:21 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2008-07-04 20:07 . 2008-07-04 20:20 23 --a------ C:\Documents and Settings\Claudine\jagex_runescape_preferences.dat
    2008-07-04 20:06 . 2008-07-04 20:06 <DIR> d-------- C:\WINDOWS\Sun
    2008-07-04 19:32 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-04 19:31 . 2008-07-05 00:41 <DIR> d-------- C:\Program Files\Java
    2008-07-04 19:27 . 2008-07-04 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-29 16:08 . 2008-07-01 06:57 <DIR> d-------- C:\Documents and Settings\Claudine\Application Data\Ulead Systems
    2008-06-29 16:06 . 2008-06-29 16:06 <DIR> d-------- C:\SmartSound Software
    2008-06-29 16:06 . 2008-06-29 16:06 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-06-29 16:06 . 2008-06-29 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2008-06-29 16:05 . 2008-06-29 16:05 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-06-29 16:05 . 2008-06-29 16:06 <DIR> d-------- C:\Program Files\QuickTime
    2008-06-29 16:05 . 2008-06-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-29 16:05 . 2008-06-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-29 16:05 . 2008-07-13 09:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-29 16:05 . 2008-06-29 16:06 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-29 16:04 . 2008-06-29 16:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-06-29 16:04 . 2008-06-29 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-29 16:00 . 2008-06-29 16:04 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-06-25 16:21 . 2008-06-25 16:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-06-25 16:21 . 2008-06-25 16:21 <DIR> d-------- C:\Program Files\TryMedia
    2008-06-25 16:21 . 2008-06-25 16:21 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
    2008-06-25 16:20 . 2008-06-25 16:20 <DIR> d-------- C:\Program Files\Anarchy
    2008-06-24 12:57 . 2008-06-24 12:57 <DIR> d-------- C:\Documents and Settings\Claudine\Application Data\CyberLink
    2008-06-21 09:58 . 2008-06-21 09:58 <DIR> d-------- C:\WINDOWS\Desktop
    2008-06-21 09:58 . 2008-06-21 09:58 <DIR> d-------- C:\Program Files\Hooked on Phonics Learning
    2008-06-21 09:58 . 2008-06-21 10:00 205 --a------ C:\WINDOWS\Hop.ini
    2008-06-20 13:44 . 2008-06-20 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-06-20 13:43 . 2008-06-20 13:44 <DIR> d-------- C:\Program Files\Belles Beauty Boutique
    2008-06-20 13:43 . 2007-01-04 13:37 <DIR> d-------- C:\Belle's Beauty Boutique
    2008-06-19 13:11 . 1997-07-31 09:42 92,208 --a------ C:\WINDOWS\system\WING.DLL
    2008-06-19 13:11 . 1997-07-31 09:42 12,800 --a------ C:\WINDOWS\system\WING32.DLL
    2008-06-19 13:02 . 2008-06-19 13:02 <DIR> d-------- C:\Documents and Settings\Claudine\WINDOWS
    2008-06-19 13:02 . 2008-07-12 22:38 <DIR> d-------- C:\CGLP
    2008-06-19 13:02 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
    2008-06-19 13:02 . 1997-07-31 09:42 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL
    2008-06-19 13:02 . 1997-07-31 09:42 92,208 --a------ C:\WINDOWS\system32\WING.DLL
    2008-06-19 13:02 . 1997-07-31 09:42 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
    2008-06-19 13:02 . 1997-07-31 09:42 6,736 --a------ C:\WINDOWS\system32\WINGDIB.DRV
    2008-06-19 13:02 . 1997-07-31 09:42 5,024 --a------ C:\WINDOWS\system32\WINGPAL.WND
    2008-06-19 13:02 . 2008-07-05 09:25 56 --a------ C:\WINDOWS\cglp.ini
    2008-06-15 11:53 . 2008-07-12 20:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-15 11:53 . 2008-07-09 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-15 11:01 . 2008-06-15 11:01 <DIR> d-------- C:\Program Files\CyberLink
    2008-06-15 11:01 . 2008-06-15 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-14 14:31 . 2008-06-23 07:06 28 --a------ C:\WINDOWS\v2d.INI
    2008-06-14 14:29 . 2008-06-14 16:27 <DIR> d-------- C:\Program Files\Total Video2DVD Author

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-13 18:42 --------- d-----w C:\Program Files\eMule
    2008-07-12 20:39 --------- d-----w C:\Program Files\xp-AntiSpy
    2008-07-12 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-08 16:16 --------- d-----w C:\Documents and Settings\Claudine\Application Data\dvdcss
    2008-07-04 07:21 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-04 07:21 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-02 15:02 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-29 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-29 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-29 14:04 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-23 14:42 --------- d-----w C:\Documents and Settings\Claudine\Application Data\Ahead
    2008-06-12 10:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-07 13:20 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-05 17:34 --------- d-----w C:\Program Files\D-Tools
    2008-06-05 11:45 --------- d-----w C:\Program Files\Google
    2008-06-05 11:45 --------- d-----w C:\Program Files\DivX
    2008-06-05 10:51 --------- d-----w C:\Program Files\WinAVIVideoConverter
    2008-06-02 10:44 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-01 11:41 --------- d-----w C:\Documents and Settings\eMule_Secure\Application Data\vlc
    2008-06-01 11:29 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-05-26 18:27 --------- d-----w C:\Documents and Settings\Claudine\Application Data\vlc
    2008-05-26 17:59 --------- d-----w C:\Program Files\Windows Live
    2008-05-26 17:58 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-26 17:58 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-05-26 17:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-26 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-26 11:59 --------- d-----w C:\Program Files\AVG
    2008-05-26 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    .

    ------- Sigcheck -------

    2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
    2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\65cb51275f131ad95a646f305f973e3a\tcpip.sys
    2008-06-01 13:29 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-01 13:29 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC900ABB-4AE1-4109-B34F-1F866E741F03}]
    2008-07-12 21:08 322816 --a------ C:\WINDOWS\system32\pmnolLEW.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 08:41 68856]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:21 1232152]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-29 16:06 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "20dcd316"="C:\WINDOWS\system32\uefsjkch.dll" [2008-07-14 08:51 93184]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 16050176 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmnolLEW

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:21]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:21]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:21]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:21]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-14 06:29:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{53BD1957-73A4-4C51-A766-E8C984B2557E} - (no file)
    BHO-{81961EE3-FAEA-44B8-9289-F8CB226650A1} - (no file)
    BHO-{B364AADE-53FA-4779-8643-D833B8969F10} - (no file)
    BHO-{F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\wvUoPgDU.dll
    Toolbar-{88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll
    HKLM-Run-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    HKLM-Run-NWEReboot - (no file)
    ShellExecuteHooks-{F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\wvUoPgDU.dll
    SSODL-fsrpknov-{41C11FF4-731A-42F6-A143-621487D91F8E} - C:\WINDOWS\fsrpknov.dll
    SSODL-fdxbameg-{1D61A184-D129-4D7D-8E3E-E8CA9888B29B} - C:\WINDOWS\fdxbameg.dll
    Notify-wvUoPgDU - wvUoPgDU.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-14 08:49:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\WELlonmp.ini 487 bytes
    C:\WINDOWS\system32\WELlonmp.ini2 347 bytes
    C:\WINDOWS\system32\mucltui.dll 271224 bytes executable
    C:\WINDOWS\system32\mucltui.dll.mui 30072 bytes executable
    C:\WINDOWS\system32\muweb.dll 207736 bytes executable
    C:\WINDOWS\system32\uefsjkch.dll 93184 bytes executable

    scan completed successfully
    hidden files: 6

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-14 8:53:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-14 06:53:07

    Pre-Run: 21,445,918,720 bytes free
    Post-Run: 21,417,426,944 bytes free

    258


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:57:24, on 7/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com.mt/mygo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [20dcd316] rundll32.exe "C:\WINDOWS\system32\uefsjkch.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211808469281
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C22C08-01AF-4B65-AA07-BCE85DF1DC60}: NameServer = 212.56.128.132,212.56.128.196
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 6749 bytes


    Whenever my PC restarts, a window pops up telling me:
    error loading C:\Windows\System32\yatldkgp.dll

    Why is that?
  6. 2008/07/14
    Geri Lifetime Subscription

    Hi

    We need to scan some files.

    • Please go to Jotti's malware scan
    • Copy and paste the following file paths, one at a time, into the "File to upload & scan" box at the top of the page:
      • C:\WINDOWS\cglp.ini
      • C:\WINDOWS\system\WING.DLL
      • C:\WINDOWS\system\WING32.DLL
      • C:\WINDOWS\system32\WINGDE.DLL
      • C:\WINDOWS\system32\WING.DLL
      • C:\WINDOWS\system32\WING32.DLL
      • C:\WINDOWS\system32\WINGDIB.DRV
      • C:\WINDOWS\system32\WINGPAL.WND
    • Click on the submit button
    • Please post the results in your next reply.


    I'm sure you have been warned before about P2P software (eMule, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Virus and Spyware removal.

    Geri
  7. 2008/07/15
    bombagirl

    I got this malware from downloading something from a website. I never got any virus from eMule. Thanks for the help.
  8. 2008/07/15
    bombagirl

    Scanned with Jotti and nothing was found in these files.
  9. 2008/07/15
    Geri Lifetime Subscription

    Hi bombagirl
    OK Thanks

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Code:
    File::
    C:\WINDOWS\system32\pmnolLEW.dll
    C:\WINDOWS\system32\urqQGywx.dll
    C:\WINDOWS\system32\nnnmnkhG.dll
    C:\WINDOWS\system32\jkkHApmj.dll
    C:\WINDOWS\system32\hgGxYSLC.dll
    C:\WINDOWS\SysF7.exe
    C:\WINDOWS\system32\ddcDULcB.dll
    C:\WINDOWS\QTFont.qfn
    C:\WINDOWS\QTFont.for
    C:\WINDOWS\system32\WELlonmp.ini 
    C:\WINDOWS\system32\WELlonmp.ini2 
    C:\WINDOWS\system32\uefsjkch.dll 
    C:\Windows\System32\yatldkgp.dll
    
    Folder::
    C:\Program Files\TryMedia
    C:\Documents and Settings\All Users\Application Data\Trymedia
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC900ABB-4AE1-4109-B34F-1F866E741F03}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "20dcd316"=-
    Thanks
    Geri
  10. 2008/07/16
    bombagirl

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:43:45, on 7/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com.mt/mygo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211808469281
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C22C08-01AF-4B65-AA07-BCE85DF1DC60}: NameServer = 212.56.128.132,212.56.128.196
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7644 bytes
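    An added example, not part of the thread: a Python script that diffs the O4 autostart entries of two HijackThis logs and lists every Run entry that loads a DLL through rundll32.exe, the mechanism behind the `20dcd316` entry the CFScript removed. The two log excerpts inside it are constructed from the log posted before the CFScript and the one above, not complete copies of either.

```python
"""Compare the autostart (O4) entries of two HijackThis logs.

Added example for this thread, not a tool from the original posts. The two
logs below are constructed excerpts of the HijackThis output posted before
and after the CFScript run; only O4 lines are read, everything else is ignored.
"""
import re
from dataclasses import dataclass

# One HijackThis O4 line, e.g.
#   O4 - HKLM\..\Run: [20dcd316] rundll32.exe "C:\WINDOWS\system32\uefsjkch.dll",b
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.*)$'
)

# rundll32.exe followed by the DLL it is told to load (quoted or not)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)

# Constructed excerpt of the HijackThis log posted before the CFScript
HJT_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [20dcd316] rundll32.exe "C:\WINDOWS\system32\uefsjkch.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# Constructed excerpt of the HijackThis log posted after the CFScript
HJT_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""


@dataclass(frozen=True)
class Autostart:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name, e.g. 20dcd316
    command: str   # command line as HijackThis reports it


def parse_o4(log_text):
    """Map (hive, key, name) -> Autostart for every O4 line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entry = Autostart(m['hive'], m['key'], m['name'], m['command'].strip())
            entries[(entry.hive, entry.key, entry.name)] = entry
    return entries


def diff_autostarts(before_text, after_text):
    """Report which autostart entries were removed, added or changed between two logs."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    return {
        'removed': sorted(k for k in before if k not in after),
        'added': sorted(k for k in after if k not in before),
        'changed': sorted(k for k in before.keys() & after.keys()
                          if before[k].command != after[k].command),
    }


def rundll32_loaders(entries):
    """Return (value name, DLL path) for Run entries that load a DLL via rundll32.exe.

    Such entries always deserve a manual look: the 20dcd316 entry in this thread
    used exactly this mechanism to load the randomly named uefsjkch.dll.
    """
    hits = []
    for key in sorted(entries):
        m = RUNDLL_RE.search(entries[key].command)
        if m:
            hits.append((entries[key].name, m['dll']))
    return hits


if __name__ == '__main__':
    delta = diff_autostarts(HJT_BEFORE, HJT_AFTER)
    for kind, keys in delta.items():
        for hive, key, name in keys:
            print(f'{kind:8s} {hive}\\..\\{key}: [{name}]')
    for name, dll in rundll32_loaders(parse_o4(HJT_BEFORE)):
        print(f'review   [{name}] loads {dll} through rundll32.exe')
```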
     
  11. 2008/07/16
    Geri Lifetime Subscription

    Hi
    Would you post the Combofix log it produced after running the CFScript.

    Thanks
    Geri
  12. 2008/07/16
    bombagirl

    Kindly ignore my previous post.

    ComboFix 08-07-13.8 - Claudine 2008-07-16 19:37:47.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT 2:00]
    Running from: C:\Documents and Settings\Claudine\My Documents\downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Claudine\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
    .

    2008-07-14 08:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-14 08:51 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-14 08:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-13 13:42 . 2008-07-13 13:42 <DIR> d-------- C:\Program Files\Tavultesoft
    2008-07-13 13:42 . 2008-07-13 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tavultesoft
    2008-07-13 10:21 . 2008-07-13 10:21 3,160 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-13 10:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-07-13 10:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-07-13 10:20 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-07-13 10:20 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-07-13 10:20 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-07-13 10:20 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-07-13 10:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-07-13 10:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-07-13 10:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-07-12 23:28 . 2008-07-12 23:28 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-12 23:14 . 2008-07-12 23:29 505 --a------ C:\WINDOWS\wininit.ini
    2008-07-12 22:53 . 2008-07-12 22:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-12 22:53 . 2008-07-12 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-12 20:52 . 2008-07-12 20:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-11 17:06 . 2008-07-11 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-08 17:14 . 2008-07-08 17:14 244 --ah----- C:\sqmnoopt01.sqm
    2008-07-08 17:14 . 2008-07-08 17:14 232 --ah----- C:\sqmdata01.sqm
    2008-07-08 17:14 . 2008-07-08 17:14 136 --ah----- C:\sqmdata02.sqm
    2008-07-06 15:56 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-07-06 15:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-07-06 15:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-07-06 15:56 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-07-05 20:00 . 2008-07-05 20:00 <DIR> d-------- C:\Documents and Settings\Claudine\Application Data\Apple Computer
    2008-07-04 20:07 . 2008-07-04 20:21 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2008-07-04 20:07 . 2008-07-04 20:20 23 --a------ C:\Documents and Settings\Claudine\jagex_runescape_preferences.dat
    2008-07-04 20:06 . 2008-07-04 20:06 <DIR> d-------- C:\WINDOWS\Sun
    2008-07-04 19:32 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-04 19:31 . 2008-07-05 00:41 <DIR> d-------- C:\Program Files\Java
    2008-07-04 19:27 . 2008-07-04 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-29 16:08 . 2008-07-01 06:57 <DIR> d-------- C:\Documents and Settings\Claudine\Application Data\Ulead Systems
    2008-06-29 16:06 . 2008-06-29 16:06 <DIR> d-------- C:\SmartSound Software
    2008-06-29 16:06 . 2008-06-29 16:06 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-06-29 16:06 . 2008-06-29 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2008-06-29 16:05 . 2008-06-29 16:05 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-06-29 16:05 . 2008-06-29 16:06 <DIR> d-------- C:\Program Files\QuickTime
    2008-06-29 16:05 . 2008-06-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-29 16:05 . 2008-06-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-29 16:04 . 2008-06-29 16:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-06-29 16:04 . 2008-06-29 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-29 16:00 . 2008-06-29 16:04 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-06-25 16:21 . 2008-06-25 16:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-06-25 16:21 . 2008-06-25 16:21 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
    2008-06-25 16:20 . 2008-06-25 16:20 <DIR> d-------- C:\Program Files\Anarchy
    2008-06-24 12:57 . 2008-06-24 12:57 <DIR> d-------- C:\Documents and Settings\Claudine\Application Data\CyberLink
    2008-06-21 09:58 . 2008-06-21 09:58 <DIR> d-------- C:\WINDOWS\Desktop
    2008-06-21 09:58 . 2008-06-21 09:58 <DIR> d-------- C:\Program Files\Hooked on Phonics Learning
    2008-06-21 09:58 . 2008-06-21 10:00 205 --a------ C:\WINDOWS\Hop.ini
    2008-06-20 13:43 . 2008-06-20 13:44 <DIR> d-------- C:\Program Files\Belles Beauty Boutique
    2008-06-20 13:43 . 2007-01-04 13:37 <DIR> d-------- C:\Belle's Beauty Boutique
    2008-06-19 13:11 . 1997-07-31 09:42 92,208 --a------ C:\WINDOWS\system\WING.DLL
    2008-06-19 13:11 . 1997-07-31 09:42 12,800 --a------ C:\WINDOWS\system\WING32.DLL
    2008-06-19 13:02 . 2008-06-19 13:02 <DIR> d-------- C:\Documents and Settings\Claudine\WINDOWS
    2008-06-19 13:02 . 2008-07-12 22:38 <DIR> d-------- C:\CGLP
    2008-06-19 13:02 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
    2008-06-19 13:02 . 1997-07-31 09:42 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL
    2008-06-19 13:02 . 1997-07-31 09:42 92,208 --a------ C:\WINDOWS\system32\WING.DLL
    2008-06-19 13:02 . 1997-07-31 09:42 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
    2008-06-19 13:02 . 1997-07-31 09:42 6,736 --a------ C:\WINDOWS\system32\WINGDIB.DRV
    2008-06-19 13:02 . 1997-07-31 09:42 5,024 --a------ C:\WINDOWS\system32\WINGPAL.WND
    2008-06-19 13:02 . 2008-07-05 09:25 56 --a------ C:\WINDOWS\cglp.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-15 19:41 --------- d-----w C:\Program Files\eMule
    2008-07-12 20:39 --------- d-----w C:\Program Files\xp-AntiSpy
    2008-07-12 18:53 --------- d-----w C:\Program Files\Lavasoft
    2008-07-12 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-09 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-08 16:16 --------- d-----w C:\Documents and Settings\Claudine\Application Data\dvdcss
    2008-07-04 07:21 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-04 07:21 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-04 07:21 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-07-02 15:02 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-29 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-29 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-29 14:04 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-23 14:42 --------- d-----w C:\Documents and Settings\Claudine\Application Data\Ahead
    2008-06-15 09:01 --------- d-----w C:\Program Files\CyberLink
    2008-06-15 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-14 14:27 --------- d-----w C:\Program Files\Total Video2DVD Author
    2008-06-12 10:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-07 13:20 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-05 17:34 --------- d-----w C:\Program Files\D-Tools
    2008-06-05 11:45 --------- d-----w C:\Program Files\Google
    2008-06-05 11:45 --------- d-----w C:\Program Files\DivX
    2008-06-05 10:51 --------- d-----w C:\Program Files\WinAVIVideoConverter
    2008-06-02 10:44 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-01 11:41 --------- d-----w C:\Documents and Settings\eMule_Secure\Application Data\vlc
    2008-06-01 11:29 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-05-26 18:27 --------- d-----w C:\Documents and Settings\Claudine\Application Data\vlc
    2008-05-26 17:59 --------- d-----w C:\Program Files\Windows Live
    2008-05-26 17:58 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-26 17:58 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-05-26 17:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-26 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-26 11:59 --------- d-----w C:\Program Files\AVG
    2008-05-26 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    .

    ------- Sigcheck -------

    2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
    2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\65cb51275f131ad95a646f305f973e3a\tcpip.sys
    2008-06-01 13:29 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-01 13:29 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( snapshot@2008-07-14_ 8.52.56.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-14 06:48:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-16 15:30:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 08:41 68856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:21 1232152]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-29 16:06 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 16050176 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:21]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:21]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:21]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:21]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-16 17:29:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-16 19:39:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-16 19:41:24
    ComboFix-quarantined-files.txt 2008-07-16 17:40:36
    ComboFix2.txt 2008-07-16 11:51:35
    ComboFix3.txt 2008-07-14 06:53:11

    Pre-Run: 21,094,985,728 bytes free
    Post-Run: 21,090,922,496 bytes free


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:38, on 7/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com.mt/mygo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211808469281
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C22C08-01AF-4B65-AA07-BCE85DF1DC60}: NameServer = 212.56.128.132,212.56.128.196
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7663 bytes
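The Sigcheck block in the ComboFix log above lists every copy of tcpip.sys on the disk with its size and MD5. The check a reader normally makes there is whether the driver actually in use (system32\drivers\tcpip.sys) matches the Windows File Protection copy in system32\dllcache, and how many distinct versions are lying around. The following Python script, added here as an example and not code from ComboFix or from anyone in the thread, parses those five lines (embedded verbatim) and reports exactly that. The names `bucket` and `live_vs_cache` are this example's own, and a "match" only says the two copies agree with each other, not that either one is a known-good Microsoft build.

```python
import re

# The five Sigcheck lines from the ComboFix log above: date time size md5 path.
SIGCHECK = r"""
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\65cb51275f131ad95a646f305f973e3a\tcpip.sys
2008-06-01 13:29 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-01 13:29 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\drivers\tcpip.sys
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; anything that does not match the shape is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            date, time, size, md5, path = m.groups()
            entries.append({"date": date, "time": time, "size": int(size),
                            "md5": md5.lower(), "path": path})
    return entries


def bucket(path):
    """Classify a copy: the WFP cache, the copy actually loaded, or a backup/download."""
    p = path.lower()
    if "\\system32\\dllcache\\" in p:
        return "cache"
    parts = p.split("\\system32\\", 1)
    # directly in system32, or one level below it such as system32\drivers
    if len(parts) == 2 and parts[1].count("\\") <= 1:
        return "live"
    return "other"   # $hf_mig$, $NtUninstall...$ and pending Windows Update downloads


def live_vs_cache(entries):
    """Per file name: live MD5, dllcache MD5, whether they agree, and every other copy seen."""
    report = {}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        r = report.setdefault(name, {"live": None, "cache": None, "others": {}})
        b = bucket(e["path"])
        if b == "other":
            r["others"][e["path"]] = e["md5"]
        else:
            r[b] = e["md5"]
    for r in report.values():
        r["match"] = r["live"] is not None and r["live"] == r["cache"]
    return report


if __name__ == "__main__":
    for name, r in live_vs_cache(parse_sigcheck(SIGCHECK)).items():
        status = "live copy matches dllcache" if r["match"] else "LIVE COPY DIFFERS FROM DLLCACHE"
        print(f"{name}: {status}; {len(r['others'])} other copies on disk")
        for path, md5 in r["others"].items():
            print(f"  {md5}  {path}")
```

A live copy that differs from its dllcache twin is the line worth looking at, because Windows File Protection would normally have put the cached copy back; when the two agree, as here, the remaining question is whether that hash belongs to a genuine hotfix build, which needs a reference hash from outside the log.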
     
  13. 2008/07/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
  14. 2008/07/16
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    Yes, it's my mobile's network; I use it to send free SMSs, so it's totally harmless. I've been using it for ages now :p Just posted the ComboFix and HJT logs.
     
  15. 2008/07/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bombagirl
    OK, thanks.
    Is the alert still down by your clock, or have you had any alerts?

    The two logs look clean.
    Now let's get an online scan. Please do this.

    If you have ATF Cleaner please run it, if you don't please download it and run it.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now a scan with Kaspersky.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display whether your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  16. 2008/07/16
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    No, the alert near the clock disappeared long before the ComboFix scan, as I cleaned my PC with SmitfraudFix before. However, AVG still pops up windows that say it's detecting threats in DLL files. Also, Spybot often pops up windows asking me whether to accept modifications in registry files, and I always press Accept but don't know whether I'm doing the right thing. This mostly happens when I'm scanning, especially when using Spybot itself.

    Re ATF Cleaner: I use it very often, once a week for sure, but will run it again now, scan using Kaspersky and post soon. Thanks.
     
  17. 2008/07/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Does it give any names for the files it says are infected? Is there a log you can post from it?

    Let's see what Kaspersky shows, then I might want to see the AVG log.

    Normally it is OK when you are doing something, like scanning your system. It's when you get an alert out of the blue that you mostly need to worry about.

    Geri
     
  18. 2008/07/16
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    Yes, it gives names of DLL files, all from the system32 folder. Will send you the Kaspersky results soon. Critical areas are OK; it found something in the My Computer folder: threat names 1, infected objects 2. However, when it gets to 13% the scan seems to become idle:

    Now scanning: (nothing is shown here)
    Location: (nothing show either)

    what can I do please?
     
    Last edited: 2008/07/17
  19. 2008/07/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bombagirl
    Sorry, I did not know you had edited your post. Please use a new post when replying; that way I can see that you have posted back and know to check it.
    Thanks.
    OK, let's try Panda and see if we can get a report.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
  20. 2008/07/23
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-23 14:01:52
    PROTECTIONS: 1
    MALWARE: 12
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 8.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP73\A0045789.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Claudine\My Documents\SmitfraudFix\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Claudine\Cookies\claudine@ad.yieldmanager[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Claudine\Cookies\claudine@ads.pointroll[2].txt
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Claudine\Cookies\claudine@bravenet[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Claudine\Cookies\claudine@target[1].txt
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP75\A0045877.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP78\A0055041.EXE
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP73\A0045790.exe
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Claudine\My Documents\SmitfraudFix\Reboot.exe
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP78\A0055026.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP74\A0045851.sys
    02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP54\A0031159.exe
    03281274 Adware/SpyShredder Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir
    03281274 Adware/SpyShredder Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SysF7.exe.vir
    03281274 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP74\A0045836.exe
    03281274 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP78\A0055014.exe
    03281274 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP73\A0044747.exe
    03281284 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP74\A0045835.exe
    03281284 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir
    03324220 Adware/VistaAntivirus Adware No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP74\A0045834.cpl
    03324220 Adware/VistaAntivirus Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\VAV\vav.cpl.vir
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Claudine\My Documents\downloads\SmitfraudFix.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  21. 2008/07/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bombagirl

    Ok please do this.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

    Now do this.
    We need to turn System Restore off and on. There are infections in it, and by using System Restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…" put a name in the box. Click Create. In the next window click Close.

    Run ATF Cleaner again and then post a new Panda scan.

    Let me know if you are still getting warnings from AVG after doing the above.

    Thanks
    Geri
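The advice in this post rests on reading the Panda report by location rather than by detection name: rows under System Volume Information\_restore{...} are dormant restore-point copies that only come back if System Restore is used, rows under QooBox\Quarantine are files ComboFix has already neutralised, the HackTools hits under SmitfraudFix are that tool's own helpers, and the cookies are not code. The following Python script, added here as an example and not code from Panda or from anyone in the thread, parses rows in the shape of that report and sorts each one into those buckets so that only detections on the running system are left to investigate. The embedded report is constructed: seven rows are copied from the report above, and the last row (id 00000000, a placeholder name and path) is made up to show what a live detection would look like. The bucket names and the `needs_attention` helper are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Panda ActiveScan MALWARE table above
# (Id Description Type Active Severity Disinfectable Disinfected Location).
# The first seven rows are copied from the report; the last row is made up
# (placeholder id, name and path) to exercise the "live" branch.
SAMPLE_REPORT = r"""
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Claudine\My Documents\SmitfraudFix\Process.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Claudine\Cookies\claudine@ad.yieldmanager[1].txt
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Claudine\My Documents\SmitfraudFix\Reboot.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{10DA5118-FDB2-4C06-AE1D-6977D68BEE0F}\RP78\A0055026.sys
03281274 Adware/SpyShredder Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SysF7.exe.vir
03324220 Adware/VistaAntivirus Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\VAV\vav.cpl.vir
00000000 Adware/ConstructedExample Adware Yes 0 Yes No C:\WINDOWS\system32\constructed_example.dll
"""

ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<name>\S+) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<path>.+)$"
)


def parse_report(text):
    """Return one dict per MALWARE row; separator, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["active"] = row["active"] == "Yes"
            row["severity"] = int(row["severity"])
            rows.append(row)
    return rows


def classify(row, tool_ids):
    """Bucket a detection by where it sits, which is what decides the response."""
    p = row["path"].lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"        # inert until System Restore is used; purged by toggling SR off/on
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"  # already neutralised (.vir); removed by the tool clean-up
    if "\\smitfraudfix\\" in p:
        return "cleanup_tool"         # the tool's bundled helpers, flagged as HackTool/Rebooter
    if row["type"] == "TrackingCookie" or "\\cookies\\" in p:
        return "tracking_cookie"      # a privacy nuisance, not executable code
    if row["id"] in tool_ids:
        return "cleanup_tool_copy"    # same signature id as a file inside a clean-up tool's folder
    return "live"                     # anything else sits on the running system: investigate


def triage(text):
    """Parse the report and attach a bucket to every row."""
    rows = parse_report(text)
    tool_ids = {r["id"] for r in rows if "\\smitfraudfix\\" in r["path"].lower()}
    for r in rows:
        r["bucket"] = classify(r, tool_ids)
    return rows


def needs_attention(rows):
    """Rows that are neither parked in a restore point or quarantine nor a known tool."""
    return [r for r in rows if r["bucket"] == "live" or r["active"]]


if __name__ == "__main__":
    rows = triage(SAMPLE_REPORT)
    print(Counter(r["bucket"] for r in rows))
    for r in needs_attention(rows):
        print("CHECK:", r["name"], r["path"])
```

The "cleanup_tool_copy" bucket catches the system32\Process.exe row, which shares its Panda id with the copy inside the SmitfraudFix folder; it is still a stray file to remove, which is what the OTMoveIt clean-up step in this post is for, but it is not evidence of a live infection.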
     
