Okay Okay... you can start flaming me after you figure out my problem >.< im only 15 and i'm not that great at computers

Recently my computer has been acting weird, freezing during game programs and of course weird things going on. after downloading AVG free edition. ( i will list below step by step of my actions )

1) check up-dates for AVG (downloaded it)
2) Scan full system
3) 6 threats! 3 Obfustat.IQC and 3 Obfustat.IHB and importantly 2 of the files have infected
C:\Windows\system32\printer.exe & C:\Windows\system32\winavxx.exe
4) Then of course i clicked heal!
5)But then errors started coming up, i can't access some things like Control Panel or Properties!
6)So i restarted comp and rebooted with an error in my face "Can't Find C:\Windows\system32\printer.exe
7)I searched the internet for topics on this and read all of em.. still not sure what to do
8)I've read several articles of people posting their hijackthis log and asking for help.. which is one of my options
option a. post hijackthis log and ask for help
option b. run regedit and edit bunch of stuff i dont know
option c. start panicking and reformat comp...
9) after all that.. i've posted this with my hijackthis log

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:01:42 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremiah\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

Please help me.. im in a hurry.. i need to work on some projects for school, i would like to thank those who help and acknowledge my need!

Sincerely,Alex

Hello Alex and welcome

your log got cut off could you post it again please

I'm so sorry.. im such an idiot.. this is my 1st time doing this.. my apologies i'll try attaching note pad file

sorry for some reason uploading note pad was restricted for a reason i do not know. i have repasted the log

Logfile of HijackThis v1.99.1
Scan saved at 5:46:43 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Jeremiah\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Don't worry your doing fine

Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Heres the log and i assume that the reboot of the computer is the work of combofix.exe and care to explain what combofix does?

ComboFix 07-08-17.2 - "Jeremiah" 2007-08-20 17:55:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.547 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Jeremiah\Desktop\internet.lnk


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-20 17:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 16:34 <DIR> d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\Comodo
2007-08-20 16:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-20 16:31 <DIR> d-------- C:\Program Files\Comodo
2007-08-20 06:08 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-20 01:54 37,376 --a------ C:\WINDOWS\system32\vtr431.dll
2007-08-19 19:52 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-08-19 19:52 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-19 19:52 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-08-19 19:52 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-08-19 19:52 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-19 19:52 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-08-19 19:52 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-08-19 19:52 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-19 19:52 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-19 19:52 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-08-19 19:52 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-08-19 19:52 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-19 19:52 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-19 19:52 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-19 19:52 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-08-19 19:52 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-19 19:52 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-08-19 19:52 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-19 19:52 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-08-19 19:52 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-19 19:52 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-08-19 19:52 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-08-19 19:52 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-19 19:52 <DIR> d-------- C:\Program Files\DirectX
2007-08-13 22:22 <DIR> d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\Talkback
2007-08-13 22:21 <DIR> d-------- C:\Program Files\DivX
2007-08-04 10:35 <DIR> d-------- C:\Program Files\iPod
2007-07-27 00:48 <DIR> d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\Move Networks
2007-07-27 00:20 <DIR> d-------- C:\Program Files\Veoh Networks
2007-07-25 19:53 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 19:53 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 17:43 --------- d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\LimeWire
2007-08-16 15:40 --------- d-------- C:\Program Files\Softnyx
2007-08-15 20:12 --------- d-------- C:\Program Files\LimeWire
2007-08-04 10:35 --------- d-------- C:\Program Files\iTunes
2007-07-27 00:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 21:37 --------- d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\Help
2007-07-17 12:34 --------- d--h----- C:\DOCUME~1\Jeremiah\APPLIC~1\ijjigame
2007-07-11 22:01 --------- d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\Google
2007-07-10 19:24 --------- d-------- C:\Program Files\Google
2007-07-10 15:25 --------- d-------- C:\Program Files\QuickTime
2007-07-10 15:25 --------- d-------- C:\Program Files\Apple Software Update
2007-07-10 15:25 --------- d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\Apple Computer
2007-07-10 15:14 --------- d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\ATI MMC
2007-06-29 20:47 --------- d-------- C:\Program Files\Yahoo!
2007-06-29 20:44 --------- d-------- C:\Program Files\SBC Yahoo!
2007-06-29 20:24 --------- d-------- C:\Program Files\Marvell
2007-06-29 20:13 --------- d-------- C:\Program Files\Silicon Image
2007-06-29 20:13 --------- d-------- C:\Program Files\AMD
2007-06-29 20:07 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-29 20:06 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-06-29 20:06 --------- d-------- C:\Program Files\AvRack
2007-06-29 01:38 --------- d-------- C:\DOCUME~1\Jeremiah\APPLIC~1\ATI
2007-06-29 01:28 --------- d-------- C:\Program Files\ATI Technologies
2007-06-29 01:28 --------- d-------- C:\Program Files\ATI Multimedia
2007-06-29 01:27 --------- d-------- C:\Program Files\msaccrt
2007-06-29 01:27 --------- d-------- C:\Program Files\Common Files\ATI
2007-06-29 01:26 --------- d-------- C:\Program Files\Windows Media Components
2007-06-29 01:24 --------- d-------- C:\Program Files\Common Files\CyberLink
2007-06-29 00:49 2706 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-06-29 00:28 0 -rahs---- C:\MSDOS.SYS
2007-06-29 00:28 0 -rahs---- C:\IO.SYS
2007-06-29 00:28 0 --a------ C:\CONFIG.SYS
2007-06-29 00:28 0 --a------ C:\AUTOEXEC.BAT
2007-06-29 00:28 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-29 00:27 8738 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-06-29 00:26 --------- d-------- C:\Program Files\Movie Maker
2007-06-29 00:26 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-29 00:25 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-29 00:25 --------- d-------- C:\Program Files\Windows NT
2007-06-29 00:25 --------- d-------- C:\Program Files\Online Services
2007-06-29 00:25 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-29 00:25 --------- d-------- C:\Program Files\Messenger
2007-06-28 17:09 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-28 17:09 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-13 14:29 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-06-13 12:25 339968 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 12:24 268288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 12:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 12:17 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 12:17 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 12:17 139264 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 12:17 118784 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 12:16 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 12:15 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 12:14 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 12:10 8097792 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-06-13 12:07 2922208 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-06-13 11:57 1512960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 11:46 5431296 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-06-13 11:43 262144 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-06-13 11:42 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-06-13 11:41 50176 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 11:36 368640 --a------ C:\WINDOWS\system32\ati2cqag.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 21:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-03 22:21]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 03:20 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 20:14]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-20 06:08]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-20 16:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-09-22 22:16]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-07-08 10:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 11:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-07-16 18:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-11-03 22:21:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\hanonvt.ini

S3 XDva025;XDva025;\??\C:\WINDOWS\System32\XDva025.sys
S3 XDva026;XDva026;\??\C:\WINDOWS\System32\XDva026.sys


Contents of the 'Scheduled Tasks' folder
2007-08-18 16:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 17:59:03
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 18:00:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 18:00

--- E O F ---

Yes combofix rebooted the computer in order to delete some files it found,

Not quite done yet

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• When VundoFix re-opens, click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Before running HJT move it to a dedicated folder

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
Move HJT into this new folder please,

Errmm i seem to encoutered a problem , after scaning i have clicked on remove the vundo scan it said "no infected files were detected" and it closed without further things such as restarting the computer on it's own or black out of the screen

Thats fine go ahead and make the folder for HJT then rescan and post back a fresh log and we will go from there

EDIT: im not sure if you want both logs or not, so i posted the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 6:58:47 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

This post has been edited by Cair: Aug 20 2007, 08:07 PM

1. Please download The Avenger by Swandog46 to your Desktop.

• Click on Avenger.zip to open the file
• Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Script file to execute" choose "Input Script Manually".
• Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
• Paste the text copied to clipboard into this window by pressing (Ctrl+V).
• Click Done
• Now click on the Green Light to begin execution of the script
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

okay... and i also had an error for some reason when comp rebooted.

this is the avenger log
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oxgqhxol

*******************

Script file located at: \??\C:\Program Files\smsrwqjw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\hrum133.txt not found!
Deletion of file C:\WINDOWS\system32\hrum133.txt failed!

Could not process line:
C:\WINDOWS\system32\hrum133.txt
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

this is the freshly scaned HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:21:07 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Looks like it did what we needed it to do

the machine seem to be running better ?


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

Thanks soo much.. im still in the process , after im done doing this scan do delete dr. web scanner? beacause i already have avg anti virus free edition and i read somewhere that having more than 1 anti-virus program isn't good if you dont know what your doing