I will list my HijackThis log and the SDFix log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:28 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9563.cab
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9224956506
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9224885754
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74CE9BCD-9360-49B3-8D3D-1E64F9A556A4}: NameServer = 207.69.188.185 207.69.188.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
--
End of file - 5951 bytes
SDFix: Version 1.190
Run by Ron Johnson on Mon 06/09/2008 at 09:12 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
MsSecurity1.209.4
Path :
C:\WINDOWS\444.0 service
MsSecurity1.209.4 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE Settings
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\vntiho06\vntiho061083.exe - Deleted
C:\WINDOWS\b155.exe - Deleted
C:\WINDOWS\b156.exe - Deleted
C:\WINDOWS\mrofinu72.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\sockins32.dll - Deleted
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Temp\vtmp2 - Removed
Folder C:\WINDOWS\system32\vntiho06 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 21:22:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Disabled:Avant Browser"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:uTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 14 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 24 May 2008 490,736 A..H. --- "C:\WINDOWS\SDold\Download\dc3fa7fed4facc29618f4c01f9c9f686\BIT3.tmp"
Sun 27 Apr 2008 4,188,496 A..H. --- "C:\WINDOWS\SDold\Download\f44a8760e63412f193188dc31bdd5121\BITA.tmp"
Sun 27 Apr 2008 2,367,240 A..H. --- "C:\WINDOWS\SDold\Download\5ad35005cb1cf6ab0e5d8906b81ef3e1\BIT9.tmp"
Thu 22 May 2008 101,765 A..H. --- "C:\WINDOWS\SDold\Download\44294cc09489e42ab360bd5883f74d9e\BIT56.tmp"
Sun 27 Apr 2008 2,295,632 A..H. --- "C:\WINDOWS\SDold\Download\bf56b0f3cf2ed2445c92d62b2f0fc041\BIT28.tmp"
Thu 22 May 2008 105,996 A..H. --- "C:\WINDOWS\SDold\Download\ad6c31f7d0a4d2645ed6d67e2530522e\BIT5A.tmp"
Thu 22 May 2008 4,548,840 A..H. --- "C:\WINDOWS\SDold\Download\b3e5e8974ae0994762c5e8b775ac86f9\BIT5B.tmp"
Thu 22 May 2008 393,448 A..H. --- "C:\WINDOWS\SDold\Download\b600c3564bddf4a7fe9d1996c0016b82\BIT5E.tmp"
Thu 22 May 2008 102,088 A..H. --- "C:\WINDOWS\SDold\Download\28607bd02fc0f9c734f452e4f2666652\BIT5F.tmp"
Thu 22 May 2008 152,128 A..H. --- "C:\WINDOWS\SDold\Download\70a4fbe7217488f673cf5d20367dabc9\BIT62.tmp"
Thu 22 May 2008 151,441 A..H. --- "C:\WINDOWS\SDold\Download\a0d45ac61d8a7a5b7faa78852c46bf15\BIT6A.tmp"
Thu 22 May 2008 2,166,832 A..H. --- "C:\WINDOWS\SDold\Download\34b7b0061829da0fde41032b10403ce7\BIT2.tmp"
Thu 22 May 2008 516,336 A..H. --- "C:\WINDOWS\SDold\Download\8762af45850de85ac5e91f5a63cfe543\BIT8.tmp"
Thu 22 May 2008 483,568 A..H. --- "C:\WINDOWS\SDold\Download\a30fe106c075193a6848a7f64073a7cc\BITE.tmp"
Thu 22 May 2008 102,173 A..H. --- "C:\WINDOWS\SDold\Download\786d8d10fefe7553d7282b60526a243b\BIT11.tmp"
Fri 23 May 2008 122,008 A..H. --- "C:\WINDOWS\SDold\Download\e9966731a8a6efd4f492b267c7081066\BIT13.tmp"
Fri 23 May 2008 101,803 A..H. --- "C:\WINDOWS\SDold\Download\88aa16c08992a222297cc493fc329b20\BIT14.tmp"
Sat 24 May 2008 157,347 A..H. --- "C:\WINDOWS\SDold\Download\4cccd8c1bc85247ebfa9061d6bf08de1\BIT25.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\14942f74c18b6839d63fb1d0837a7512\BIT6.tmp"
Fri 30 May 2008 2,166,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3e21b535dea17cce2bc6f0feca1311d\BIT36.tmp"
Fri 30 May 2008 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT4B.tmp"
Sun 27 Apr 2008 108,399 A..H. --- "C:\WINDOWS\SDold\Download\2dde58e204c4be402ccbbcd0b600650e\download\BIT2E.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\88ffe733ec76f56f5e26a19f4a072dec\download\BIT69.tmp"
Sun 27 Apr 2008 56,566 A..H. --- "C:\WINDOWS\SDold\Download\0030edf27ee9d030b5e38566d2514790\download\BIT2.tmp"
Sat 24 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\e2306f0216dfc9822a8553f09db95f71\download\BIT6.tmp"
Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\92554586f3df257ccc6f5cd3e1efab22\download\BIT23.tmp"
Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\d45f88747992924d2f8a55141b129dbd\download\BIT25.tmp"
Sat 26 Apr 2008 4,005,331 A..H. --- "C:\WINDOWS\SDold\Download\26850ce336513bfee15ef865c4e6576c\download\BIT19.tmp"
Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\17b5dc397be04188db1a7e941038c6f2\download\BIT27.tmp"
Sat 24 May 2008 1,919,453 A..H. --- "C:\WINDOWS\SDold\Download\ac3f490121f580bfb62d9d495aa2b215\download\BIT2F.tmp"
Sun 27 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\a1394c19ce964344512c4b8ba52cbec5\download\BITC.tmp"
Sun 27 Apr 2008 398,015 A..H. --- "C:\WINDOWS\SDold\Download\94ee68f37097c1148365727afa16d894\download\BIT2F.tmp"
Sun 27 Apr 2008 1,613,689 A..H. --- "C:\WINDOWS\SDold\Download\409eeb5b15ac5b9aeee323d7da0f978c\download\BIT4.tmp"
Sun 27 Apr 2008 2,259,852 A..H. --- "C:\WINDOWS\SDold\Download\d603631fa5c5558c772d54d44369b54f\download\BITD.tmp"
Sun 27 Apr 2008 750,541 A..H. --- "C:\WINDOWS\SDold\Download\a99eb7d5ff79aed3ff0979cb81b4434b\download\BITB.tmp"
Sun 27 Apr 2008 605,945 A..H. --- "C:\WINDOWS\SDold\Download\4730fbe8056ad6eb56eb6cc23d82cd01\download\BIT36.tmp"
Sun 27 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\354472c20c6e7a38bfd2b1b859e56276\download\BITF.tmp"
Sun 27 Apr 2008 355,352 A..H. --- "C:\WINDOWS\SDold\Download\5217f632c60d0e2abd68621d2a7b05b9\download\BITA.tmp"
Sun 27 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\6aa2d4bcedcee9617227cafceab09f02\download\BITD.tmp"
Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\f800fb87a28ec4ca869706531385e23a\download\BIT3B.tmp"
Sun 27 Apr 2008 906,113 A..H. --- "C:\WINDOWS\SDold\Download\2d5cb53f40c94c45549672fbf4eb14b2\download\BIT7.tmp"
Sun 27 Apr 2008 1,974,817 A..H. --- "C:\WINDOWS\SDold\Download\ec3e2e6b3f1b25baadb3a70dfe94cd10\download\BIT8.tmp"
Sun 27 Apr 2008 262,997 A..H. --- "C:\WINDOWS\SDold\Download\c4989c7d9cfedbbe50931f1ce8778e69\download\BITE.tmp"
Sun 27 Apr 2008 465,029 A..H. --- "C:\WINDOWS\SDold\Download\1410961c7f4f5684c30d6b41322b3e42\download\BIT4.tmp"
Sun 27 Apr 2008 1,220,563 A..H. --- "C:\WINDOWS\SDold\Download\785bc23a82784977fa64552e9bb4a6ab\download\BIT2.tmp"
Sat 24 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\71c884b3a348fe876677e718ab666a66\download\BIT6.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\b5330da089196b346d1ee0676e21afcc\download\BIT2E.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\97a9b4183ee83502797f62c2c0b429cf\download\BIT2F.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\ada4d488d7d0854b79cefb8bc70c8d98\download\BIT30.tmp"
Fri 23 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\0f66ac0b7ccd71faf6da904f29228240\download\BIT6.tmp"
Sat 24 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\218766960d1465c026412385b0d1d978\download\BIT7.tmp"
Sat 24 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\6ac42657c636012f9effce4f937863f4\download\BIT8.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\0615c0a0d589689e7965d4bf87a5872b\download\BIT31.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\243c97729a3a8fbb5f1e18f85169b8de\download\BIT32.tmp"
Fri 23 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\f8c6a8157d1ed68b0b0f724babd8b17f\download\BIT9.tmp"
Sat 24 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\37e5b122079a0c7ba85fcc8ce8310ad8\download\BIT9.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\794fe6c4497072d6b676dff316f341a2\download\BIT33.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\b2ebfcb0d3e31cb844250d8d3cdd9b7f\download\BIT34.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\5cc724b3995f72ef3222dddf08658056\download\BIT35.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\33cb1e7dae8a29b002e7473fd58a1557\download\BIT38.tmp"
Fri 30 May 2008 2,716,340 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BITE.tmp"
Fri 30 May 2008 2,997,291 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\BIT13A.tmp"
Wed 17 Oct 2007 20 A..H. --- "C:\Documents and Settings\Ron Johnson\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 14 Mar 2006 4,348 ...H. --- "C:\Documents and Settings\Ron Johnson\My Documents\My Music\License Backup\drmv1key.bak"
Wed 17 Oct 2007 1,536 A..H. --- "C:\Documents and Settings\Ron Johnson\My Documents\My Music\License Backup\drmv2lic.bak"
Tue 13 Sep 2005 312 ...H. --- "C:\Documents and Settings\Ron Johnson\My Documents\My Music\License Backup\drmv2key.bak"
Sun 2 Dec 2007 4,677,120 ...H. --- "C:\Documents and Settings\Ron Johnson\Application Data\Microsoft\Word\~WRL3474.tmp"
Finished!