Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware, etc.


  • Please log in to reply

#1
user169

user169

    Member

  • Member
  • PipPip
  • 17 posts
I havent had any major issues with this computer but after running the panda active scan, its told me otherwise.
Any help is much appreiciated.
(By the way the scans were done in safe mode if that matters)

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:43 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rhrc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {018DB482-7B62-5DE0-1486-552755FCBF9C} - C:\WINDOWS\system32\ynpbwq.dll (file missing)
O2 - BHO: (no name) - {08DDB645-7DF4-587A-D7BA-56A70D5DE299} - C:\WINDOWS\system32\nakfe.dll (file missing)
O2 - BHO: (no name) - {09BB20EC-B258-C3DF-2C25-CFCE6BBFBB99} - C:\WINDOWS\System32\adfre.dll (file missing)
O2 - BHO: (no name) - {0BBD75E8-B658-C389-2C25-CFCE6BBEEACB} - C:\WINDOWS\System32\vsdq.dll (file missing)
O2 - BHO: (no name) - {0DDBB783-7C33-04B6-1486-552755FCBFCD} - C:\WINDOWS\system32\sdgkurr.dll (file missing)
O2 - BHO: (no name) - {1060F535-32D3-4257-A7DD-1043B364F699} - C:\WINDOWS\system32\ngw.dll (file missing)
O2 - BHO: (no name) - {17E7AD32-63D1-4C01-A33D-1EE338EFADCF} - C:\WINDOWS\system32\wqsyo.dll (file missing)
O2 - BHO: (no name) - {30A3A947-38F8-1D7E-88AF-1763716FD599} - C:\WINDOWS\system32\noxy.dll (file missing)
O2 - BHO: (no name) - {30DC7C60-BD85-9459-A03D-9E2B55CF8AC9} - C:\WINDOWS\system32\gpme.dll (file missing)
O2 - BHO: (no name) - {32DB1653-D2E1-F36A-C55B-F8CD5A6D82CF} - C:\WINDOWS\system32\gfafnr.dll (file missing)
O2 - BHO: (no name) - {336D1D8A-D76B-A2EE-1A66-FB8DBE22829E} - C:\WINDOWS\system32\ujxym.dll (file missing)
O2 - BHO: (no name) - {389E0C71-96C0-E017-E449-B919160F839C} - C:\WINDOWS\System32\zytszbn.dll (file missing)
O2 - BHO: (no name) - {391a72a1-108d-435a-875e-5b9048e11657} - C:\WINDOWS\system32\bxdo.dll (file missing)
O2 - BHO: (no name) - {3DEBBBE3-700F-03D0-7710-0CB26D6A84C5} - C:\WINDOWS\system32\wvbu.dll (file missing)
O2 - BHO: (no name) - {3EB9BEE2-2100-0582-7710-0CB26D6A84C5} - C:\WINDOWS\system32\iyvaeiv.dll (file missing)
O2 - BHO: (no name) - {40B2AF36-60D1-4607-A33D-1EE338EEFBCE} - C:\WINDOWS\system32\tfqrmno.dll (file missing)
O2 - BHO: (no name) - {440F325C-FBE5-8A6A-C1DB-808ADFA5F3C4} - C:\WINDOWS\System32\hhjfepx.dll (file missing)
O2 - BHO: (no name) - {489719DA-856D-A5B7-1906-AD58137FF29A} - C:\WINDOWS\system32\jtoa.dll (file missing)
O2 - BHO: (no name) - {4C966D50-F2E1-8536-CC1B-DCEF490AA09B} - C:\WINDOWS\System32\bdechfv.dll (file missing)
O2 - BHO: (no name) - {5343B90C-71EF-5533-C33B-5E0796A0BBC0} - C:\WINDOWS\system32\vdsuj.dll (file missing)
O2 - BHO: (no name) - {58AD42F9-DA4D-F39A-6FF1-F2AD7C7FB7C1} - C:\WINDOWS\system32\vxvkhbe.dll (file missing)
O2 - BHO: (no name) - {5D5D9065-56D0-7A07-A19D-74D58A72B1CA} - C:\WINDOWS\system32\nnly.dll (file missing)
O2 - BHO: (no name) - {653910DB-D364-F5BF-1A66-FB8DBE2283C4} - C:\WINDOWS\system32\wuyhazj.dll (file missing)
O2 - BHO: (no name) - {666F1C8E-803E-F1EC-1A66-FB8DBE228399} - C:\WINDOWS\system32\klgiusg.dll (file missing)
O2 - BHO: (no name) - {6CC36C15-A2F6-D17C-852F-DF7F101886CA} - C:\WINDOWS\System32\tsip.dll (file missing)
O2 - BHO: (no name) - {7D68D9FD-4613-34C0-6551-3871B17795C6} - C:\WINDOWS\system32\knpmbxa.dll
O2 - BHO: (no name) - {80C0F530-3ED1-1E00-F288-151346DB6E90} - C:\WINDOWS\system32\brad.dll (file missing)
O2 - BHO: (no name) - {82AFC98F-026D-21E6-1C26-2FF078C96E97} - C:\WINDOWS\system32\vceiu.dll (file missing)
O2 - BHO: (no name) - {8497A663-69DB-4F02-F288-151346DA3AC3} - C:\WINDOWS\system32\winyi.dll (file missing)
O2 - BHO: (no name) - {87FA9A8F-5739-2FE5-1C26-2FF078C96DC1} - C:\WINDOWS\system32\opestyqx.dll (file missing)
O2 - BHO: (no name) - {91CA3F3F-A089-D55A-FC48-89EA19EB2498} - C:\WINDOWS\system32\poch.dll (file missing)
O2 - BHO: (no name) - {999124F8-BF4A-C1CA-3CF4-927B408879C2} - C:\WINDOWS\System32\ocl.dll (file missing)
O2 - BHO: (no name) - {9C137440-BEAB-C922-D17A-CA3EC4247397} - C:\WINDOWS\System32\szkzx.dll (file missing)
O2 - BHO: (no name) - {A37C6440-A5A4-8E76-D09A-D40FA7931991} - C:\WINDOWS\System32\jdm.dll (file missing)
O2 - BHO: (no name) - {ABE26C86-A969-8EEE-1C86-855A623E47CB} - C:\WINDOWS\System32\thu.dll (file missing)
O2 - BHO: (no name) - {B0697F1A-E8FE-C72B-F1A9-B0DECBB70EC8} - C:\WINDOWS\system32\rkk.dll (file missing)
O2 - BHO: (no name) - {C3108EB2-430A-35D3-2265-6B7490D479C2} - C:\WINDOWS\system32\busbpxlh.dll (file missing)
O2 - BHO: (no name) - {CD49B6DC-7863-5EBE-1D86-05E2997773C4} - C:\WINDOWS\system32\yebaxa.dll (file missing)
O2 - BHO: (no name) - {DD0537FD-FE1A-82C1-3254-D83F847637C0} - C:\WINDOWS\System32\scmird.dll (file missing)
O2 - BHO: (no name) - {E012E019-7CF8-5078-D9DA-5017C68508C4} - C:\WINDOWS\system32\tizw.dll (file missing)
O2 - BHO: (no name) - {E53E7D1E-B9AA-C121-F1A9-B0DECBB70FCA} - C:\WINDOWS\system32\hci.dll (file missing)
O2 - BHO: (no name) - {E7656B20-A0C5-D146-B51C-8C7AE0E30E90} - C:\WINDOWS\system32\rzooxpfq.dll (file missing)
O2 - BHO: (no name) - {E76E7917-B4AC-9420-F1A9-B0DECBB709C8} - C:\WINDOWS\system32\orfvjgb.dll (file missing)
O2 - BHO: (no name) - {E8DECCAB-5B49-23CE-6B91-24800F3E04C3} - C:\WINDOWS\system32\ctome.dll (file missing)
O2 - BHO: (no name) - {EB72754B-BAFE-9F7F-89AF-97ABAC74509B} - C:\WINDOWS\system32\qbaism.dll
O2 - BHO: (no name) - {F949E9D2-7C63-59B0-13A6-07F2C80413C5} - C:\WINDOWS\system32\irvsfo.dll (file missing)
O2 - BHO: (no name) - {FA7A3C08-A2BE-8268-CB3B-8EBAAD3447C2} - C:\WINDOWS\system32\cqxybnhp.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Yunguyo.exe] C:\WINDOWS\System32\Yunguyo.exe
O4 - HKLM\..\Run: [test3] C:\WINDOWS\System32\test3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: ihl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127436662072
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127436645478
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{278FF197-2FD0-4383-875A-B0A8865A5428}: NameServer = 85.255.115.46,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{48FF0ABC-F00F-4020-B845-7FBAF87AE47F}: NameServer = 85.255.115.46,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FC64092-1C4F-46E1-8D81-49642DC89AF0}: NameServer = 85.255.115.46,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5D9FB92-7EAB-4CA1-9DD8-BA12DDBD70B9}: NameServer = 85.255.115.46,85.255.112.230
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll ping.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pfoafjp.exe (file missing)
O24 - Desktop Component 0: (no name) - http://us.i1.yimg.co...lue/shd_r_1.gif
O24 - Desktop Component 1: (no name) - http://perso.wanadoo...a_Naruto_43.jpg

--
End of file - 11880 bytes
  • 0

Advertisements


#2
sari

sari

    GeekU Admin

  • Community Leader
  • 21,805 posts
  • MVP
user169,

I'm surprised you haven't been having any issues with this computer. It's pretty infected. I believe this is a different computer than the one Miekiemoes just helped you with? I hope so - I wouldn't want to see you get this infected again in a day!

Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

I'll need the fixwareout log, the combofix log, and a new hijackthis log in your reply.

Thanks,

sari
  • 0

#3
user169

user169

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Yeah this is a different computer. :)
Heres the logs:

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:56 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ihl.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rhrc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {018DB482-7B62-5DE0-1486-552755FCBF9C} - C:\WINDOWS\system32\ynpbwq.dll (file missing)
O2 - BHO: (no name) - {08DDB645-7DF4-587A-D7BA-56A70D5DE299} - C:\WINDOWS\system32\nakfe.dll (file missing)
O2 - BHO: (no name) - {09BB20EC-B258-C3DF-2C25-CFCE6BBFBB99} - C:\WINDOWS\System32\adfre.dll (file missing)
O2 - BHO: (no name) - {0BBD75E8-B658-C389-2C25-CFCE6BBEEACB} - C:\WINDOWS\System32\vsdq.dll (file missing)
O2 - BHO: (no name) - {0DDBB783-7C33-04B6-1486-552755FCBFCD} - C:\WINDOWS\system32\sdgkurr.dll (file missing)
O2 - BHO: (no name) - {1060F535-32D3-4257-A7DD-1043B364F699} - C:\WINDOWS\system32\ngw.dll (file missing)
O2 - BHO: (no name) - {17E7AD32-63D1-4C01-A33D-1EE338EFADCF} - C:\WINDOWS\system32\wqsyo.dll (file missing)
O2 - BHO: (no name) - {30A3A947-38F8-1D7E-88AF-1763716FD599} - C:\WINDOWS\system32\noxy.dll (file missing)
O2 - BHO: (no name) - {30DC7C60-BD85-9459-A03D-9E2B55CF8AC9} - C:\WINDOWS\system32\gpme.dll (file missing)
O2 - BHO: (no name) - {32DB1653-D2E1-F36A-C55B-F8CD5A6D82CF} - C:\WINDOWS\system32\gfafnr.dll (file missing)
O2 - BHO: (no name) - {336D1D8A-D76B-A2EE-1A66-FB8DBE22829E} - C:\WINDOWS\system32\ujxym.dll (file missing)
O2 - BHO: (no name) - {389E0C71-96C0-E017-E449-B919160F839C} - C:\WINDOWS\System32\zytszbn.dll (file missing)
O2 - BHO: (no name) - {391a72a1-108d-435a-875e-5b9048e11657} - C:\WINDOWS\system32\bxdo.dll
O2 - BHO: (no name) - {3DEBBBE3-700F-03D0-7710-0CB26D6A84C5} - C:\WINDOWS\system32\wvbu.dll (file missing)
O2 - BHO: (no name) - {3EB9BEE2-2100-0582-7710-0CB26D6A84C5} - C:\WINDOWS\system32\iyvaeiv.dll (file missing)
O2 - BHO: (no name) - {40B2AF36-60D1-4607-A33D-1EE338EEFBCE} - C:\WINDOWS\system32\tfqrmno.dll (file missing)
O2 - BHO: (no name) - {440F325C-FBE5-8A6A-C1DB-808ADFA5F3C4} - C:\WINDOWS\System32\hhjfepx.dll (file missing)
O2 - BHO: (no name) - {489719DA-856D-A5B7-1906-AD58137FF29A} - C:\WINDOWS\system32\jtoa.dll (file missing)
O2 - BHO: (no name) - {4C966D50-F2E1-8536-CC1B-DCEF490AA09B} - C:\WINDOWS\System32\bdechfv.dll (file missing)
O2 - BHO: (no name) - {5343B90C-71EF-5533-C33B-5E0796A0BBC0} - C:\WINDOWS\system32\vdsuj.dll (file missing)
O2 - BHO: (no name) - {58AD42F9-DA4D-F39A-6FF1-F2AD7C7FB7C1} - C:\WINDOWS\system32\vxvkhbe.dll (file missing)
O2 - BHO: (no name) - {5D5D9065-56D0-7A07-A19D-74D58A72B1CA} - C:\WINDOWS\system32\nnly.dll (file missing)
O2 - BHO: (no name) - {653910DB-D364-F5BF-1A66-FB8DBE2283C4} - C:\WINDOWS\system32\wuyhazj.dll (file missing)
O2 - BHO: (no name) - {666F1C8E-803E-F1EC-1A66-FB8DBE228399} - C:\WINDOWS\system32\klgiusg.dll (file missing)
O2 - BHO: (no name) - {6CC36C15-A2F6-D17C-852F-DF7F101886CA} - C:\WINDOWS\System32\tsip.dll (file missing)
O2 - BHO: (no name) - {80C0F530-3ED1-1E00-F288-151346DB6E90} - C:\WINDOWS\system32\brad.dll (file missing)
O2 - BHO: (no name) - {82AFC98F-026D-21E6-1C26-2FF078C96E97} - C:\WINDOWS\system32\vceiu.dll (file missing)
O2 - BHO: (no name) - {8497A663-69DB-4F02-F288-151346DA3AC3} - C:\WINDOWS\system32\winyi.dll (file missing)
O2 - BHO: (no name) - {87FA9A8F-5739-2FE5-1C26-2FF078C96DC1} - C:\WINDOWS\system32\opestyqx.dll (file missing)
O2 - BHO: (no name) - {91CA3F3F-A089-D55A-FC48-89EA19EB2498} - C:\WINDOWS\system32\poch.dll (file missing)
O2 - BHO: (no name) - {999124F8-BF4A-C1CA-3CF4-927B408879C2} - C:\WINDOWS\System32\ocl.dll (file missing)
O2 - BHO: (no name) - {9C137440-BEAB-C922-D17A-CA3EC4247397} - C:\WINDOWS\System32\szkzx.dll (file missing)
O2 - BHO: (no name) - {A37C6440-A5A4-8E76-D09A-D40FA7931991} - C:\WINDOWS\System32\jdm.dll (file missing)
O2 - BHO: (no name) - {ABE26C86-A969-8EEE-1C86-855A623E47CB} - C:\WINDOWS\System32\thu.dll (file missing)
O2 - BHO: (no name) - {B0697F1A-E8FE-C72B-F1A9-B0DECBB70EC8} - C:\WINDOWS\system32\rkk.dll (file missing)
O2 - BHO: (no name) - {C3108EB2-430A-35D3-2265-6B7490D479C2} - C:\WINDOWS\system32\busbpxlh.dll (file missing)
O2 - BHO: (no name) - {CD49B6DC-7863-5EBE-1D86-05E2997773C4} - C:\WINDOWS\system32\yebaxa.dll (file missing)
O2 - BHO: (no name) - {DD0537FD-FE1A-82C1-3254-D83F847637C0} - C:\WINDOWS\System32\scmird.dll (file missing)
O2 - BHO: (no name) - {E012E019-7CF8-5078-D9DA-5017C68508C4} - C:\WINDOWS\system32\tizw.dll (file missing)
O2 - BHO: (no name) - {E53E7D1E-B9AA-C121-F1A9-B0DECBB70FCA} - C:\WINDOWS\system32\hci.dll (file missing)
O2 - BHO: (no name) - {E7656B20-A0C5-D146-B51C-8C7AE0E30E90} - C:\WINDOWS\system32\rzooxpfq.dll (file missing)
O2 - BHO: (no name) - {E76E7917-B4AC-9420-F1A9-B0DECBB709C8} - C:\WINDOWS\system32\orfvjgb.dll (file missing)
O2 - BHO: (no name) - {E8DECCAB-5B49-23CE-6B91-24800F3E04C3} - C:\WINDOWS\system32\ctome.dll (file missing)
O2 - BHO: (no name) - {EB72754B-BAFE-9F7F-89AF-97ABAC74509B} - C:\WINDOWS\system32\qbaism.dll
O2 - BHO: (no name) - {F949E9D2-7C63-59B0-13A6-07F2C80413C5} - C:\WINDOWS\system32\irvsfo.dll (file missing)
O2 - BHO: (no name) - {FA7A3C08-A2BE-8268-CB3B-8EBAAD3447C2} - C:\WINDOWS\system32\cqxybnhp.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Yunguyo.exe] C:\WINDOWS\System32\Yunguyo.exe
O4 - HKLM\..\Run: [test3] C:\WINDOWS\System32\test3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ihl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127436662072
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127436645478
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll ping.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O24 - Desktop Component 0: (no name) - http://us.i1.yimg.co...lue/shd_r_1.gif
O24 - Desktop Component 1: (no name) - http://perso.wanadoo...a_Naruto_43.jpg

--
End of file - 11204 bytes

Combofix Log:

ComboFix 07-11-19.4C - Administrator 2007-11-28 16:44:38.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.57 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\ECURIT~1
C:\Documents and Settings\Administrator\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Administrator\Application Data\WNSXS~1
C:\Documents and Settings\Administrator\Application Data\YSTEM~1
C:\Documents and Settings\Administrator\My Documents\WNSXS~1
C:\Documents and Settings\NetworkService\Application Data\ASEMBL~1
C:\Documents and Settings\NetworkService\Application Data\ECURIT~1
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\mcroso~1\M?crosoft\
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\maxifiles
C:\Program Files\maxifiles\affid.dat
C:\Program Files\mcroso~1
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\altpayments_terms.txt
C:\Program Files\mediapipe\api.exe
C:\Program Files\mediapipe\insdl.dll
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pinst.exe
C:\Program Files\mediapipe\p2pl.exe
C:\Program Files\mediapipe\register.dll
C:\Program Files\winupdates
C:\Program Files\ymbols~1
C:\Program Files\ystem~1
C:\WINDOWS\libbz2.dll
C:\WINDOWS\mcroso~1
C:\WINDOWS\rk.exe
C:\WINDOWS\ru.exe
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\mswinstall.exe
C:\WINDOWS\system32\Cache\runsearch.exe
C:\WINDOWS\system32\Cache\wrapperouter.exe
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\knpmbxa.dll
C:\WINDOWS\system32\svohost.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymbols~1\smss.exe
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem~1\сsrss.exe
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\Windows Overlay Components


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-25 09:55 82,432 -r-hs---- C:\WINDOWS\system32\rhrc.exe
2007-11-23 15:59 12,800 --a------ C:\WINDOWS\system32\bxdo.dll
2007-11-19 16:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-19 16:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 16:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 16:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-19 16:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-08 13:03 <DIR> d--hs---- C:\FOUND.005
2007-11-02 14:35 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-10-31 17:46 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 01:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2007-10-18 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2007-10-18 03:20 --------- d-----w C:\Program Files\MySpace
2007-10-18 03:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MySpace
2007-10-16 04:46 --------- d-----w C:\Program Files\FlashGet
2007-10-02 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-02 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2006-07-17 17:52 117,546 ---ha-w C:\Documents and Settings\Administrator\Application Data\ptads.bin
2005-09-16 02:48 27,718 ----a-w C:\Program Files\Movieland Terms.html
2004-06-23 21:55 20,480 ----a-w C:\Program Files\ProcManager.exe
2003-09-09 16:34 143,448 ----a-w C:\Program Files\Common Files\sprxi.exe
1998-12-09 03:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 03:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 03:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 03:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
2004-02-02 20:11 32 --sha-w C:\WINDOWS\{897DDF1F-0993-4B49-91CE-730C9B837BB0}.dat
2007-08-14 15:16 230,400 --sh--r C:\WINDOWS\system32\wοwexec.exe
2004-02-02 20:11 32 --sha-w C:\WINDOWS\system32\{681CB933-5711-4252-87EE-490FB5769286}.dat
2006-02-25 04:33 71,168 --sh--r C:\WINDOWS\system32\config\systemprofile\My Documents\ΑрpPatch\ati2evxx.exe
2007-08-14 16:46 70,144 --sh--r C:\WINDOWS\system32\АрpPatch\winlogon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018DB482-7B62-5DE0-1486-552755FCBF9C}]
C:\WINDOWS\system32\ynpbwq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08DDB645-7DF4-587A-D7BA-56A70D5DE299}]
C:\WINDOWS\system32\nakfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09BB20EC-B258-C3DF-2C25-CFCE6BBFBB99}]
C:\WINDOWS\System32\adfre.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BBD75E8-B658-C389-2C25-CFCE6BBEEACB}]
C:\WINDOWS\System32\vsdq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DDBB783-7C33-04B6-1486-552755FCBFCD}]
C:\WINDOWS\system32\sdgkurr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1060F535-32D3-4257-A7DD-1043B364F699}]
C:\WINDOWS\system32\ngw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17E7AD32-63D1-4C01-A33D-1EE338EFADCF}]
C:\WINDOWS\system32\wqsyo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30A3A947-38F8-1D7E-88AF-1763716FD599}]
C:\WINDOWS\system32\noxy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30DC7C60-BD85-9459-A03D-9E2B55CF8AC9}]
C:\WINDOWS\system32\gpme.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32DB1653-D2E1-F36A-C55B-F8CD5A6D82CF}]
C:\WINDOWS\system32\gfafnr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D1D8A-D76B-A2EE-1A66-FB8DBE22829E}]
C:\WINDOWS\system32\ujxym.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389E0C71-96C0-E017-E449-B919160F839C}]
C:\WINDOWS\System32\zytszbn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391a72a1-108d-435a-875e-5b9048e11657}]
2007-11-28 16:50 12800 --a------ C:\WINDOWS\system32\bxdo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DEBBBE3-700F-03D0-7710-0CB26D6A84C5}]
C:\WINDOWS\system32\wvbu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EB9BEE2-2100-0582-7710-0CB26D6A84C5}]
C:\WINDOWS\system32\iyvaeiv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40B2AF36-60D1-4607-A33D-1EE338EEFBCE}]
C:\WINDOWS\system32\tfqrmno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440F325C-FBE5-8A6A-C1DB-808ADFA5F3C4}]
C:\WINDOWS\System32\hhjfepx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489719DA-856D-A5B7-1906-AD58137FF29A}]
C:\WINDOWS\system32\jtoa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C966D50-F2E1-8536-CC1B-DCEF490AA09B}]
C:\WINDOWS\System32\bdechfv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5343B90C-71EF-5533-C33B-5E0796A0BBC0}]
C:\WINDOWS\system32\vdsuj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58AD42F9-DA4D-F39A-6FF1-F2AD7C7FB7C1}]
C:\WINDOWS\system32\vxvkhbe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D5D9065-56D0-7A07-A19D-74D58A72B1CA}]
C:\WINDOWS\system32\nnly.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{653910DB-D364-F5BF-1A66-FB8DBE2283C4}]
C:\WINDOWS\system32\wuyhazj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{666F1C8E-803E-F1EC-1A66-FB8DBE228399}]
C:\WINDOWS\system32\klgiusg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CC36C15-A2F6-D17C-852F-DF7F101886CA}]
C:\WINDOWS\System32\tsip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80C0F530-3ED1-1E00-F288-151346DB6E90}]
C:\WINDOWS\system32\brad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82AFC98F-026D-21E6-1C26-2FF078C96E97}]
C:\WINDOWS\system32\vceiu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8497A663-69DB-4F02-F288-151346DA3AC3}]
C:\WINDOWS\system32\winyi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FA9A8F-5739-2FE5-1C26-2FF078C96DC1}]
C:\WINDOWS\system32\opestyqx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91CA3F3F-A089-D55A-FC48-89EA19EB2498}]
C:\WINDOWS\system32\poch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{999124F8-BF4A-C1CA-3CF4-927B408879C2}]
C:\WINDOWS\System32\ocl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C137440-BEAB-C922-D17A-CA3EC4247397}]
C:\WINDOWS\System32\szkzx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A37C6440-A5A4-8E76-D09A-D40FA7931991}]
C:\WINDOWS\System32\jdm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABE26C86-A969-8EEE-1C86-855A623E47CB}]
C:\WINDOWS\System32\thu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0697F1A-E8FE-C72B-F1A9-B0DECBB70EC8}]
C:\WINDOWS\system32\rkk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3108EB2-430A-35D3-2265-6B7490D479C2}]
C:\WINDOWS\system32\busbpxlh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD49B6DC-7863-5EBE-1D86-05E2997773C4}]
C:\WINDOWS\system32\yebaxa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD0537FD-FE1A-82C1-3254-D83F847637C0}]
C:\WINDOWS\System32\scmird.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E012E019-7CF8-5078-D9DA-5017C68508C4}]
C:\WINDOWS\system32\tizw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E53E7D1E-B9AA-C121-F1A9-B0DECBB70FCA}]
C:\WINDOWS\system32\hci.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7656B20-A0C5-D146-B51C-8C7AE0E30E90}]
C:\WINDOWS\system32\rzooxpfq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E76E7917-B4AC-9420-F1A9-B0DECBB709C8}]
C:\WINDOWS\system32\orfvjgb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DECCAB-5B49-23CE-6B91-24800F3E04C3}]
C:\WINDOWS\system32\ctome.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB72754B-BAFE-9F7F-89AF-97ABAC74509B}]
2007-08-14 07:15 60928 --a------ C:\WINDOWS\system32\qbaism.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F949E9D2-7C63-59B0-13A6-07F2C80413C5}]
C:\WINDOWS\system32\irvsfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA7A3C08-A2BE-8268-CB3B-8EBAAD3447C2}]
C:\WINDOWS\system32\cqxybnhp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 14:50 C:\WINDOWS\system32\nwiz.exe]
"Yunguyo.exe"="C:\WINDOWS\System32\Yunguyo.exe" [2005-10-08 03:28]
"test3"="C:\WINDOWS\System32\test3.exe" [2005-10-17 14:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-26 20:02]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:56]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 00:56]
"Jol"="C:\WINDOWS\System32\wοwexec.exe" [2007-08-14 07:16]
"Eruo"="C:\WINDOWS\System32\АРPP~1\winlogon.exe" [2007-08-14 08:46]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
ihl.exe [2006-09-26 16:46:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\winlogon.dll ping.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AdDestroyer.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AdDestroyer.lnk
backup=C:\WINDOWS\pss\AdDestroyer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^4Google2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4Google2.lnk
backup=C:\WINDOWS\pss\4Google2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-11-01 14:13 684032 --a------ C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
2002-08-26 22:35 79480 --a------ C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltPayments]
C:\Program Files\AltPayments\AltPayments.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUNPS2]
RUNDLL32 AUNPS2.DLL,[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5]
RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2003-12-02 16:11 54296 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
2003-12-02 16:11 58392 --a------ C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMSystem]
C:\Program Files\CMSystem\CMSystem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]
C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50]
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eruo]
C:\Program Files\ebre\rhrc.exe -vt rbnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]
C:\PROGRA~1\Web Offer\wo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 17:28 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2001-08-23 05:00 44032 --a------ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-06-14 16:24 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KillAndClean]
C:\Program Files\KillAndClean\KillAndClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway.exe]
C:\WINDOWS\System32\MediaGateway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]
C:\Program Files\p2pnetworks\mpp2pl.exe /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyDailyHoroscope]
C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6P_0001_N91M1807]
C:\Documents and Settings\Administrator\Desktop\WinAntiVirusPro2006FreeInstall.exe -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
c:\windows\system32\ossproxy.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\Program Files\Registry Cleaner\RegClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\program files\180searchassistant\salm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
C:\Program Files\se\v11\se.EXE /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
Smtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
c:\freescan\freescan.exe -FastScan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-26 18:14 36975 --a------ C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\u3ri4ko5]
C:\Program Files\u3ri4ko5\u3ri4ko5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
C:\Program Files\Web_Rebates\WebRebates0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

R1 NPPTNT;NPPTNT;\??\C:\WINDOWS\System32\npptNT.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
S3 ham50;Intel V92 HaM Data Fax Voice;C:\WINDOWS\system32\DRIVERS\IntelH51.sys
S3 Intels51;Intel® 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
S3 MooseKOPMA;MooseKOPMA;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\MooseKOPMA.sys
S3 MzBot;MzBot;\??\C:\MzBot.sys
S3 xp1;xp1;\??\C:\Documents and Settings\Administrator\Desktop\36. hacks\xp.sys
S3 zenos1;zenos1;\??\C:\Documents and Settings\Administrator\Desktop\ZenosEngine\zenos.sys
S3 zenx1;zenx1;\??\C:\Documents and Settings\Administrator\Desktop\ZenxEngine_LATEST\zenx.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\304260a5-cd3e-4468-8532-a001953f2711]
C:\WINDOWS\System32\dmdmrmx.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 00:59:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-28 06:52:02 C:\WINDOWS\Tasks\WebReg 20041016225225.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe\/TaskName 20041016225225 /N
"2006-01-31 03:21:16 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-11-29 00:49:58 C:\WINDOWS\Tasks\RUTASK.job"
- C:\WINDOWS\ru.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 16:50:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 16:59:17 - machine was rebooted
.
--- E O F ---


fixwareout log:


Username "Administrator" - 8/2007 Wed 16:32:41 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csqmg.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{278FF197-2FD0-4383-875A-B0A8865A5428}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{48FF0ABC-F00F-4020-B845-7FBAF87AE47F}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9FC64092-1C4F-46E1-8D81-49642DC89AF0}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F5D9FB92-7EAB-4CA1-9DD8-BA12DDBD70B9}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{48FF0ABC-F00F-4020-B845-7FBAF87AE47F}
"DhcpNameServer"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9FC64092-1C4F-46E1-8D81-49642DC89AF0}
"DhcpNameServer"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DFA67C3B-AB95-42ED-A4C7-D779EEA0C94D}
"DhcpNameServer"="85.255.115.46,85.255.112.230" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "1dedoc" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "emvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "domdnb" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "orcimlh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "hjgmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nlcalik" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "cmnmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}150AA287CED8-244A-23E4-88EE-3DF9A21F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1D3FE13F8ED5-889B-CED4-12F1-4303841C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}881AACBBFC22-EC8B-F5A4-E9A4-3B2C6F2A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2DB0F3219B04-1E98-1D64-8117-741C8C0C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3B37B2D4F827-D389-9A04-1DE4-016547A2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7FC66FDC27F5-3F9A-4F94-8ECF-BB4851B7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "bscmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D9CA8DC5330D-8078-5474-87B5-98D2046C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D025649AAC31-F8F8-1104-1A5F-5F0192A3{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ctbmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "jbfsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "jvlsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "gmqsc" Value deleted
HKCR\CLSID\{6B2B1210-1D14-45E8-A261-DE45DFEDA574}\_h\4 Deleted.
HKCR\CLSID\{74D0FE39-3AFB-4854-9B59-339F8746DA3E}\_h\4 Deleted.
HKCR\CLSID\{DB67DC8A-1E74-4D0E-8998-59B5781A966E}\_h\4 Deleted.
....
~~~~~ Misc files.
C:\Documents and Settings\Administrator\Application Data\kc.tmp Deleted
C:\Documents and Settings\All Users\Favorites\AdultGambling.url Deleted
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorites\Free Online Dating.url Deleted
C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url Deleted
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url Deleted
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url Deleted
C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url Deleted
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url Deleted
C:\Documents and Settings\All Users\Favorites\SPYWARE.url Deleted
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
C:\Documents and Settings\All Users\Favorites\XXX personal photos.url Deleted
C:\WINDOWS\System32\kilacln.exe Deleted
C:\WINDOWS\System32\winctrl16.exe Deleted
C:\WINDOWS\System32\winctrl32.exe Deleted
C:\WINDOWS\System32\winctrl64.exe Deleted
C:\Documents and Settings\All Users\Favorites\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favorites\Sex and Dating Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall Deleted
C:\WINDOWS\system32\{7B1584BB-FCE8-49F4-A9F3-5F72CDF66CF7}.exe Deleted
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /install"
"Yunguyo.exe"="C:\\WINDOWS\\System32\\Yunguyo.exe"
"test3"="C:\\WINDOWS\\System32\\test3.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\System32\AUTOEXEC.NT missing
~~~~~ End report ~~~~~
  • 0

#4
sari

sari

    GeekU Admin

  • Community Leader
  • 21,805 posts
  • MVP
user169,

You have a great many malicious programs disabled in msconfig. To really clean this computer, I would recommend re-enabling them so I can help delete them.

Please go to Start > Run and type msconfig. Under the General tab, please make sure Normal Startup is selected. Under the Startup tab, please make sure everything in there is checked. Click OK, and then reboot your system. Post a new hijackthis log.

sari
  • 0

#5
user169

user169

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:32 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Yunguyo.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Mshtml2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\WINDOWS\system32\rhrc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ihl.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: (no name) - {018DB482-7B62-5DE0-1486-552755FCBF9C} - C:\WINDOWS\system32\ynpbwq.dll (file missing)
O2 - BHO: (no name) - {08DDB645-7DF4-587A-D7BA-56A70D5DE299} - C:\WINDOWS\system32\nakfe.dll (file missing)
O2 - BHO: (no name) - {09BB20EC-B258-C3DF-2C25-CFCE6BBFBB99} - C:\WINDOWS\System32\adfre.dll (file missing)
O2 - BHO: (no name) - {0BBD75E8-B658-C389-2C25-CFCE6BBEEACB} - C:\WINDOWS\System32\vsdq.dll (file missing)
O2 - BHO: (no name) - {0DDBB783-7C33-04B6-1486-552755FCBFCD} - C:\WINDOWS\system32\sdgkurr.dll (file missing)
O2 - BHO: (no name) - {1060F535-32D3-4257-A7DD-1043B364F699} - C:\WINDOWS\system32\ngw.dll (file missing)
O2 - BHO: (no name) - {17E7AD32-63D1-4C01-A33D-1EE338EFADCF} - C:\WINDOWS\system32\wqsyo.dll (file missing)
O2 - BHO: (no name) - {30A3A947-38F8-1D7E-88AF-1763716FD599} - C:\WINDOWS\system32\noxy.dll (file missing)
O2 - BHO: (no name) - {30DC7C60-BD85-9459-A03D-9E2B55CF8AC9} - C:\WINDOWS\system32\gpme.dll (file missing)
O2 - BHO: (no name) - {32DB1653-D2E1-F36A-C55B-F8CD5A6D82CF} - C:\WINDOWS\system32\gfafnr.dll (file missing)
O2 - BHO: (no name) - {336D1D8A-D76B-A2EE-1A66-FB8DBE22829E} - C:\WINDOWS\system32\ujxym.dll (file missing)
O2 - BHO: (no name) - {389E0C71-96C0-E017-E449-B919160F839C} - C:\WINDOWS\System32\zytszbn.dll (file missing)
O2 - BHO: (no name) - {391a72a1-108d-435a-875e-5b9048e11657} - C:\WINDOWS\system32\bxdo.dll
O2 - BHO: (no name) - {3DEBBBE3-700F-03D0-7710-0CB26D6A84C5} - C:\WINDOWS\system32\wvbu.dll (file missing)
O2 - BHO: (no name) - {3EB9BEE2-2100-0582-7710-0CB26D6A84C5} - C:\WINDOWS\system32\iyvaeiv.dll (file missing)
O2 - BHO: (no name) - {40B2AF36-60D1-4607-A33D-1EE338EEFBCE} - C:\WINDOWS\system32\tfqrmno.dll (file missing)
O2 - BHO: (no name) - {440F325C-FBE5-8A6A-C1DB-808ADFA5F3C4} - C:\WINDOWS\System32\hhjfepx.dll (file missing)
O2 - BHO: (no name) - {489719DA-856D-A5B7-1906-AD58137FF29A} - C:\WINDOWS\system32\jtoa.dll (file missing)
O2 - BHO: (no name) - {4C966D50-F2E1-8536-CC1B-DCEF490AA09B} - C:\WINDOWS\System32\bdechfv.dll (file missing)
O2 - BHO: (no name) - {5343B90C-71EF-5533-C33B-5E0796A0BBC0} - C:\WINDOWS\system32\vdsuj.dll (file missing)
O2 - BHO: (no name) - {58AD42F9-DA4D-F39A-6FF1-F2AD7C7FB7C1} - C:\WINDOWS\system32\vxvkhbe.dll (file missing)
O2 - BHO: (no name) - {5D5D9065-56D0-7A07-A19D-74D58A72B1CA} - C:\WINDOWS\system32\nnly.dll (file missing)
O2 - BHO: (no name) - {653910DB-D364-F5BF-1A66-FB8DBE2283C4} - C:\WINDOWS\system32\wuyhazj.dll (file missing)
O2 - BHO: (no name) - {666F1C8E-803E-F1EC-1A66-FB8DBE228399} - C:\WINDOWS\system32\klgiusg.dll (file missing)
O2 - BHO: (no name) - {6CC36C15-A2F6-D17C-852F-DF7F101886CA} - C:\WINDOWS\System32\tsip.dll (file missing)
O2 - BHO: (no name) - {80C0F530-3ED1-1E00-F288-151346DB6E90} - C:\WINDOWS\system32\brad.dll (file missing)
O2 - BHO: (no name) - {82AFC98F-026D-21E6-1C26-2FF078C96E97} - C:\WINDOWS\system32\vceiu.dll (file missing)
O2 - BHO: (no name) - {8497A663-69DB-4F02-F288-151346DA3AC3} - C:\WINDOWS\system32\winyi.dll (file missing)
O2 - BHO: (no name) - {87FA9A8F-5739-2FE5-1C26-2FF078C96DC1} - C:\WINDOWS\system32\opestyqx.dll (file missing)
O2 - BHO: (no name) - {91CA3F3F-A089-D55A-FC48-89EA19EB2498} - C:\WINDOWS\system32\poch.dll (file missing)
O2 - BHO: (no name) - {999124F8-BF4A-C1CA-3CF4-927B408879C2} - C:\WINDOWS\System32\ocl.dll (file missing)
O2 - BHO: (no name) - {9C137440-BEAB-C922-D17A-CA3EC4247397} - C:\WINDOWS\System32\szkzx.dll (file missing)
O2 - BHO: (no name) - {A37C6440-A5A4-8E76-D09A-D40FA7931991} - C:\WINDOWS\System32\jdm.dll (file missing)
O2 - BHO: (no name) - {ABE26C86-A969-8EEE-1C86-855A623E47CB} - C:\WINDOWS\System32\thu.dll (file missing)
O2 - BHO: (no name) - {B0697F1A-E8FE-C72B-F1A9-B0DECBB70EC8} - C:\WINDOWS\system32\rkk.dll (file missing)
O2 - BHO: (no name) - {C3108EB2-430A-35D3-2265-6B7490D479C2} - C:\WINDOWS\system32\busbpxlh.dll (file missing)
O2 - BHO: (no name) - {CD49B6DC-7863-5EBE-1D86-05E2997773C4} - C:\WINDOWS\system32\yebaxa.dll (file missing)
O2 - BHO: (no name) - {DD0537FD-FE1A-82C1-3254-D83F847637C0} - C:\WINDOWS\System32\scmird.dll (file missing)
O2 - BHO: (no name) - {E012E019-7CF8-5078-D9DA-5017C68508C4} - C:\WINDOWS\system32\tizw.dll (file missing)
O2 - BHO: (no name) - {E53E7D1E-B9AA-C121-F1A9-B0DECBB70FCA} - C:\WINDOWS\system32\hci.dll (file missing)
O2 - BHO: (no name) - {E7656B20-A0C5-D146-B51C-8C7AE0E30E90} - C:\WINDOWS\system32\rzooxpfq.dll (file missing)
O2 - BHO: (no name) - {E76E7917-B4AC-9420-F1A9-B0DECBB709C8} - C:\WINDOWS\system32\orfvjgb.dll (file missing)
O2 - BHO: (no name) - {E8DECCAB-5B49-23CE-6B91-24800F3E04C3} - C:\WINDOWS\system32\ctome.dll (file missing)
O2 - BHO: (no name) - {EB72754B-BAFE-9F7F-89AF-97ABAC74509B} - C:\WINDOWS\system32\qbaism.dll
O2 - BHO: (no name) - {F949E9D2-7C63-59B0-13A6-07F2C80413C5} - C:\WINDOWS\system32\irvsfo.dll (file missing)
O2 - BHO: (no name) - {FA7A3C08-A2BE-8268-CB3B-8EBAAD3447C2} - C:\WINDOWS\system32\cqxybnhp.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Yunguyo.exe] C:\WINDOWS\System32\Yunguyo.exe
O4 - HKLM\..\Run: [test3] C:\WINDOWS\System32\test3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [u3ri4ko5] C:\Program Files\u3ri4ko5\u3ri4ko5.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\Documents and Settings\Administrator\Desktop\WinAntiVirusPro2006FreeInstall.exe" -nag
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [MediaGateway.exe] C:\WINDOWS\System32\MediaGateway.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Eruo] "C:\Program Files\ebre\rhrc.exe" -vt rbnd
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ihl.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: 4Google2.lnk = C:\Program Files\4Google2\4google2.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127436662072
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127436645478
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll ping.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O24 - Desktop Component 0: (no name) - http://us.i1.yimg.co...lue/shd_r_1.gif
O24 - Desktop Component 1: (no name) - http://perso.wanadoo...a_Naruto_43.jpg

--
End of file - 20017 bytes
  • 0

#6
sari

sari

    GeekU Admin

  • Community Leader
  • 21,805 posts
  • MVP
user169,

Sorry I took a while - I was out most of the day today and you have a lot to fix in your log.

Please go to Uploadmalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\system32\qbaism.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Please post a new hijackthis log for me.

Thanks,

sari
  • 0

#7
user169

user169

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
*edit

Edited by user169, 03 December 2007 - 09:00 PM.

  • 0

#8
user169

user169

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
*edit

Sorry my brother continued responding to the forum and posted some wrong logs.
Im a bit busy for a couple days. But Ill get to it.

Edited by user169, 03 December 2007 - 09:03 PM.

  • 0

#9
sari

sari

    GeekU Admin

  • Community Leader
  • 21,805 posts
  • MVP
user169,

I was very confused - thanks for clearing that up.

sari
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP