I've Been Hijacked!

Post by elgoth » August 10th, 2007, 4:48 pm

I ran Avast! antivirus and AVG but I still have some virus, any help welcome.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:40 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\yqwpvdvn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\uvnc_service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Andrew\My Documents\Downloads\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {136D7E7A-0BED-496E-A656-63E869374DB3} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\ssqrqqr.dll
O2 - BHO: (no name) - {CD88535A-BF4E-43AB-8FCD-B879FA43BA7b} - C:\WINDOWS\system32\defwtjxw.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\aqmmtbxq.dll (file missing)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\fqortkmr.dll",forkonce
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O20 - Winlogon Notify: ssqrqqr - C:\WINDOWS\SYSTEM32\ssqrqqr.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yqwpvdvn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Uvnc_service - Unknown owner - C:\Program Files\UltraVNC\uvnc_service.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8562 bytes
elgoth
Active Member
 
Posts: 3
Joined: August 10th, 2007, 4:46 pm

Post by Shaba » August 11th, 2007, 5:04 am

Hi elgoth

You are running two antiviruses, AVG and avast!

Uninstall one of them.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report
- vundofix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Post by elgoth » August 13th, 2007, 12:00 am

OK, here's HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:45 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\uvnc_service.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew\My Documents\Downloads\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {136D7E7A-0BED-496E-A656-63E869374DB3} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CD88535A-BF4E-43AB-8FCD-B879FA43BA7b} - C:\WINDOWS\system32\defwtjxw.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Uvnc_service - Unknown owner - C:\Program Files\UltraVNC\uvnc_service.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7682 bytes


Here's ComboFix:

ComboFix 07-08-09.3 - "Andrew" 2007-08-12 22:49:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.642 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Andrew\Desktop\internet.lnk
C:\WINDOWS\system32\o01PrEz


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 22:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 22:39 <DIR> d-------- C:\VundoFix Backups
2007-08-10 19:33 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\SiteAdvisor
2007-08-10 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-10 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-10 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-10 14:13 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-10 14:13 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-10 14:13 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-10 14:13 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-10 14:13 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-10 14:13 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-10 14:13 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-10 14:13 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-10 14:11 75,284 --a------ C:\WINDOWS\system32\rdkuottv.exe
2007-08-10 13:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-08 15:34 75,284 --a------ C:\WINDOWS\system32\yqwpvdvn.exe
2007-08-03 18:44 24,904 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-08-03 18:41 96,704 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-08-02 08:27 93,128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-08-01 22:35 <DIR> d---s---- C:\DOCUME~1\Andrew\UserData
2007-07-30 08:27 120,852 --a------ C:\WINDOWS\system32\defwtjxw.dll
2007-07-27 20:13 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\Red Chair Software
2007-07-19 14:47 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-07-18 23:26 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\HP
2007-07-18 23:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-18 23:24 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-18 23:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-07-18 23:22 <DIR> d-------- C:\Program Files\Common Files\HP
2007-07-18 23:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-07-18 23:19 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-18 23:15 <DIR> d-------- C:\Program Files\HP
2007-07-18 23:13 90,643 --a------ C:\WINDOWS\hpiins01.dat
2007-07-18 23:13 0 --------- C:\WINDOWS\hpimdl01.dat
2007-07-18 17:40 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-18 17:40 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-17 17:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-15 15:50 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\TransRender
2007-07-15 15:50 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\Temporary
2007-07-15 15:50 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\ConvertTemp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 22:53 --------- d-------- C:\Program Files\UltraVNC
2007-08-11 09:52 --------- d-------- C:\Program Files\Elaborate Bytes
2007-08-10 12:15 --------- d-------- C:\Program Files\ZAR
2007-08-10 12:14 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-10 12:13 --------- d-------- C:\Program Files\ARAX Disk Doctor Data Recovery
2007-08-10 12:12 --------- d-------- C:\Program Files\vPod
2007-08-10 12:12 --------- d-------- C:\Program Files\EMDB
2007-08-09 18:45 --------- d-------- C:\Program Files\MicroType 4
2007-07-30 00:38 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\uTorrent
2007-07-29 00:57 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\NewsBin
2007-07-19 16:53 2568 --a------ C:\WINDOWS\mozver.dat
2007-07-19 15:18 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-07-17 17:49 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Ahead
2007-07-10 18:02 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\RecordPad
2007-07-10 18:02 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\NCH Swift Sound
2007-07-07 23:11 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-07 22:28 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Samsung
2007-07-07 21:29 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Help
2007-07-07 18:31 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-07-07 18:27 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\DivX
2007-07-07 18:24 --------- d-------- C:\Program Files\DivX
2007-07-07 18:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-07 18:21 --------- d-------- C:\Program Files\Samsung
2007-07-07 18:11 --------- d-------- C:\Program Files\QuickPar
2007-07-07 08:16 --------- d-------- C:\Program Files\NewsBin
2007-07-04 10:44 --------- d-------- C:\Program Files\WIDCOMM
2007-07-02 14:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 14:41 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-02 14:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 14:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 14:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 14:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 14:41 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-02 14:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 14:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 14:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 14:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 14:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 14:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 14:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 14:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 14:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 14:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 14:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 14:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 14:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-29 19:11 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Apple Computer
2007-06-24 12:12 --------- d-------- C:\Program Files\Nero
2007-06-23 23:51 --------- d-------- C:\Program Files\Ahead
2007-06-23 21:00 --------- d-------- C:\Program Files\iTunes
2007-06-23 21:00 --------- d-------- C:\Program Files\iPod
2007-06-23 20:59 --------- d-------- C:\Program Files\QuickTime
2007-06-23 20:59 --------- d-------- C:\Program Files\Apple Software Update
2007-06-23 19:57 --------- d-------- C:\Program Files\QUICKENW
2007-06-22 08:54 99904 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
2007-06-16 10:03 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-16 10:03 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-06-03 23:34 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-06-03 23:10 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-03 23:10 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-03 22:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-03 22:19 0 -rahs---- C:\MSDOS.SYS
2007-06-03 22:19 0 -rahs---- C:\IO.SYS
2007-06-03 22:19 0 --a------ C:\CONFIG.SYS
2007-06-03 22:19 0 --a------ C:\AUTOEXEC.BAT
2007-06-03 22:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-22 21:46 20168 --a------ C:\WINDOWS\system32\vncdrv.dll
2007-05-22 21:46 13128 --a------ C:\WINDOWS\system32\vnchelp.dll
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2005-09-24 00:49 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{136D7E7A-0BED-496E-A656-63E869374DB3}]
C:\WINDOWS\system32\vtstu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD88535A-BF4E-43AB-8FCD-B879FA43BA7b}]
2007-07-30 08:27 120852 --a------ C:\WINDOWS\system32\defwtjxw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 01:20]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 08:42 C:\WINDOWS\SOUNDMAN.EXE]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 13:53]
"WD Button Manager"="WDBtnMgr.exe" [2007-06-03 23:34 C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 14:21]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 17:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-03 18:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
C:\WINDOWS\system32\vtstu.dll

R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 Uvnc_service;Uvnc_service;"C:\Program Files\UltraVNC\uvnc_service.exe" -service
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
R3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
R3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


Contents of the 'Scheduled Tasks' folder
2007-08-08 00:17:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 22:53:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 22:55:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 22:55

--- E O F ---

And lastly, here's VundoFix:


VundoFix V6.5.7

Checking Java version...

Scan started at 10:39:42 PM 8/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\aqmmtbxq.dll
C:\windows\system32\awtqn.dll
C:\windows\system32\awtsp.dll
C:\windows\system32\awvtq.dll
C:\WINDOWS\system32\fqortkmr.dll
C:\windows\system32\jkhfd.dll
C:\windows\system32\mljgf.dll
C:\windows\system32\mljjh.dll
C:\windows\system32\pmkhe.dll
C:\windows\system32\pmnli.dll
C:\WINDOWS\system32\rmktroqf.ini
C:\WINDOWS\system32\ssqrqqr.dll
C:\windows\system32\sstts.dll
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.tmp
C:\WINDOWS\system32\vtstu.dll

Beginning removal...

Attempting to delete C:\windows\system32\awtqn.dll
C:\windows\system32\awtqn.dll Has been deleted!

Attempting to delete C:\windows\system32\awtsp.dll
C:\windows\system32\awtsp.dll Has been deleted!

Attempting to delete C:\windows\system32\awvtq.dll
C:\windows\system32\awvtq.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhfd.dll
C:\windows\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\windows\system32\mljgf.dll
C:\windows\system32\mljgf.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjh.dll
C:\windows\system32\mljjh.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkhe.dll
C:\windows\system32\pmkhe.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnli.dll
C:\windows\system32\pmnli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rmktroqf.ini
C:\WINDOWS\system32\rmktroqf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrqqr.dll
C:\WINDOWS\system32\ssqrqqr.dll Could not be deleted.

Attempting to delete C:\windows\system32\sstts.dll
C:\windows\system32\sstts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.tmp
C:\WINDOWS\system32\utstv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrqqr.dll
C:\WINDOWS\system32\ssqrqqr.dll Has been deleted!

Performing Repairs to the registry.
Done!

Thanks in advance!!
elgoth
Active Member
Posts: 3
Joined: August 10th, 2007, 4:46 pm

Unread postby Shaba » August 13th, 2007, 4:24 am

Hi

Open HijackThis, click "Do a system scan only" and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {136D7E7A-0BED-496E-A656-63E869374DB3} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {CD88535A-BF4E-43AB-8FCD-B879FA43BA7b} - C:\WINDOWS\system32\defwtjxw.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll (file missing)


Close all windows, including the browser, and press "Fix checked".

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\rdkuottv.exe
C:\WINDOWS\system32\yqwpvdvn.exe
C:\WINDOWS\system32\defwtjxw.dll


Save this as "CFScript"


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
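The entries Shaba picks out above share a few tell-tales: an unnamed BHO loaded from system32, a DLL whose name is a random-looking string of consonants, and an entry whose file is already gone. As an added illustration, not code from this thread and not part of HijackThis, the Python script below scores HijackThis lines on exactly those heuristics. The sample lines are copied from the logs posted in this thread; the vowel-ratio rule, its 25 % threshold and the path regex are assumptions of this example, not anything HijackThis itself does.

```python
import re
from typing import Dict, List

# Sample HijackThis lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {136D7E7A-0BED-496E-A656-63E869374DB3} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {CD88535A-BF4E-43AB-8FCD-B879FA43BA7b} - C:\WINDOWS\system32\defwtjxw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

VOWELS = set("aeiou")
# First Windows path ending in dll/exe/sys on the line (assumption: good enough for HJT output).
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|sys))", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example, not a HijackThis rule):
    an all-lowercase stem of 5..10 letters with fewer than 25% vowels,
    which matches the vtstu / defwtjxw style of names seen in this thread."""
    if not re.fullmatch(r"[a-z]{5,10}", stem):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio < 0.25


def extract_path(line: str) -> str:
    """Return the first Windows path with a dll/exe/sys extension, or '' if none."""
    m = PATH_RE.search(line)
    return m.group(1) if m else ""


def triage_line(line: str) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list = looks benign)."""
    reasons: List[str] = []
    kind = line.split(" - ", 1)[0].strip()           # "R0", "O2", "O20", ...
    path = extract_path(line)
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if path else ""
    in_system32 = "\\system32\\" in path.lower()

    if "(file missing)" in line:
        reasons.append("orphaned entry: referenced file no longer exists")
    if kind == "O2" and "(no name)" in line and in_system32:
        reasons.append("unnamed BHO loaded from system32")
    if kind == "O20" and in_system32:
        reasons.append("Winlogon Notify DLL in system32 (loaded at every logon)")
    if in_system32 and looks_random(stem):
        reasons.append(f"random-looking filename '{stem}'")
    if kind == "R0" and "about:blank" in line:
        reasons.append("start page set to about:blank (checkmarked for fix in this thread)")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each suspicious log line to its list of reasons; benign lines are omitted."""
    findings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in why:
            print("    ->", r)
```

Run against the sample, the script flags the R0 start-page line, both unnamed system32 BHOs and the O20 Winlogon Notify entry, and leaves the Adobe, Spybot and avast! entries alone, which is the same set Shaba asked to have fixed. The heuristics are deliberately narrow: a "(no name)" BHO under Program Files (SDHelper.dll) is not flagged, because the path, not the missing name, is what separates it from the system32 ones.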

Unread postby elgoth » August 13th, 2007, 11:17 pm

Here's ComboFix:

ComboFix 07-08-09.3 - "Andrew" 2007-08-13 22:11:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.653 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Andrew\My Documents\Downloads\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\rdkuottv.exe
C:\WINDOWS\SYSTEM32\yqwpvdvn.exe
C:\WINDOWS\SYSTEM32\defwtjxw.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\SYSTEM32\rdkuottv.exe
C:\WINDOWS\SYSTEM32\yqwpvdvn.exe


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-12 22:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 22:39 <DIR> d-------- C:\VundoFix Backups
2007-08-10 19:33 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\SiteAdvisor
2007-08-10 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-10 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-10 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-10 14:13 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-10 14:13 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-10 14:13 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-10 14:13 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-10 14:13 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-10 14:13 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-10 14:13 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-10 14:13 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-10 13:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-03 18:44 24,904 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-08-03 18:41 96,704 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-08-02 08:27 93,128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-08-01 22:35 <DIR> d---s---- C:\DOCUME~1\Andrew\UserData
2007-07-27 20:13 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\Red Chair Software
2007-07-19 14:47 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-07-18 23:26 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\HP
2007-07-18 23:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-18 23:24 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-18 23:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-07-18 23:22 <DIR> d-------- C:\Program Files\Common Files\HP
2007-07-18 23:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-07-18 23:19 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-18 23:15 <DIR> d-------- C:\Program Files\HP
2007-07-18 23:13 90,643 --a------ C:\WINDOWS\hpiins01.dat
2007-07-18 23:13 0 --------- C:\WINDOWS\hpimdl01.dat
2007-07-18 17:40 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-18 17:40 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-17 17:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-15 15:50 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\TransRender
2007-07-15 15:50 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\Temporary
2007-07-15 15:50 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\ConvertTemp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 22:09 --------- d-------- C:\Program Files\UltraVNC
2007-08-11 09:52 --------- d-------- C:\Program Files\Elaborate Bytes
2007-08-10 12:15 --------- d-------- C:\Program Files\ZAR
2007-08-10 12:14 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-10 12:13 --------- d-------- C:\Program Files\ARAX Disk Doctor Data Recovery
2007-08-10 12:12 --------- d-------- C:\Program Files\vPod
2007-08-10 12:12 --------- d-------- C:\Program Files\EMDB
2007-08-09 18:45 --------- d-------- C:\Program Files\MicroType 4
2007-07-30 00:38 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\uTorrent
2007-07-29 00:57 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\NewsBin
2007-07-19 16:53 2568 --a------ C:\WINDOWS\mozver.dat
2007-07-19 15:18 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-07-17 17:49 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Ahead
2007-07-10 18:02 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\RecordPad
2007-07-10 18:02 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\NCH Swift Sound
2007-07-07 23:11 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-07 22:28 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Samsung
2007-07-07 21:29 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Help
2007-07-07 18:31 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-07-07 18:27 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\DivX
2007-07-07 18:24 --------- d-------- C:\Program Files\DivX
2007-07-07 18:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-07 18:21 --------- d-------- C:\Program Files\Samsung
2007-07-07 18:11 --------- d-------- C:\Program Files\QuickPar
2007-07-07 08:16 --------- d-------- C:\Program Files\NewsBin
2007-07-04 10:44 --------- d-------- C:\Program Files\WIDCOMM
2007-07-02 14:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 14:41 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-02 14:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 14:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 14:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 14:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 14:41 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-02 14:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 14:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 14:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 14:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 14:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 14:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 14:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 14:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 14:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 14:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 14:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 14:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 14:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-29 19:11 --------- d-------- C:\DOCUME~1\Andrew\APPLIC~1\Apple Computer
2007-06-24 12:12 --------- d-------- C:\Program Files\Nero
2007-06-23 23:51 --------- d-------- C:\Program Files\Ahead
2007-06-23 21:00 --------- d-------- C:\Program Files\iTunes
2007-06-23 21:00 --------- d-------- C:\Program Files\iPod
2007-06-23 20:59 --------- d-------- C:\Program Files\QuickTime
2007-06-23 20:59 --------- d-------- C:\Program Files\Apple Software Update
2007-06-23 19:57 --------- d-------- C:\Program Files\QUICKENW
2007-06-22 08:54 99904 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
2007-06-16 10:03 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-16 10:03 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-06-03 23:34 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-06-03 23:10 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-03 23:10 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-03 22:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-03 22:19 0 -rahs---- C:\MSDOS.SYS
2007-06-03 22:19 0 -rahs---- C:\IO.SYS
2007-06-03 22:19 0 --a------ C:\CONFIG.SYS
2007-06-03 22:19 0 --a------ C:\AUTOEXEC.BAT
2007-06-03 22:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-22 21:46 20168 --a------ C:\WINDOWS\system32\vncdrv.dll
2007-05-22 21:46 13128 --a------ C:\WINDOWS\system32\vnchelp.dll
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2005-09-24 00:49 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 01:20]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 08:42 C:\WINDOWS\SOUNDMAN.EXE]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 13:53]
"WD Button Manager"="WDBtnMgr.exe" [2007-06-03 23:34 C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 14:21]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 17:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-03 18:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 Uvnc_service;Uvnc_service;"C:\Program Files\UltraVNC\uvnc_service.exe" -service
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
R3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
R3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


Contents of the 'Scheduled Tasks' folder
2007-08-08 00:17:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 22:12:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 22:13:34
C:\ComboFix-quarantined-files.txt ... 2007-08-13 22:13
C:\ComboFix2.txt ... 2007-08-12 22:55

--- E O F ---


And HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:17 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\uvnc_service.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andrew\My Documents\VirusRemoval\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Uvnc_service - Unknown owner - C:\Program Files\UltraVNC\uvnc_service.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7449 bytes
elgoth
Active Member
Posts: 3
Joined: August 10th, 2007, 4:46 pm

Unread postby Shaba » August 14th, 2007, 2:42 am

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while, so be patient and let it run. Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset it to 100 %.

Post:

- a fresh HijackThis log
- the Kaspersky report
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby Shaba » August 18th, 2007, 4:49 am

elgoth?
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby Shaba » August 25th, 2007, 4:27 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland