I need help. I have been infected and can't seem to get rid of this virus/spyware. Can anyone help me? I have read some of the other posts and pasted my log from HijackThis below.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-14 12:57:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:35 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {791699A3-79E5-404E-947F-68FB1D4E57BD} - C:\WINDOWS\system32\awtsPhhg.dll
O4 - HKLM\..\Run: [e435bda0] rundll32.exe "C:\WINDOWS\system32\ymninydj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
--
End of file - 2303 bytes
-- Files created between 2008-05-14 and 2008-06-14 -----------------------------
2008-06-14 12:14:32 92544 --a------ C:\WINDOWS\system32\ymninydj.dll
2008-06-14 12:13:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-14 12:13:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 12:13:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 11:45:25 0 d-------- C:\Program Files\RogueRemover FREE
2008-05-19 17:39:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 17:38:49 0 d-------- C:\Program Files\Spyware Doctor
2008-05-19 17:38:49 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-05-19 17:34:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-19 17:30:54 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-05-19 17:26:36 0 d-------- C:\Program Files\CCleaner
2008-05-19 17:19:28 0 d-------- C:\Program Files\Trend Micro
2008-05-17 12:50:49 0 d-------- C:\Documents and Settings\Owner\Application Data\AXPDefender
2008-05-17 12:50:37 0 d-------- C:\Program Files\AXPDefender
2008-05-16 22:28:58 237776 --ahs---- C:\WINDOWS\system32\ghhPstwa.ini2
2008-05-16 22:28:53 317824 --a------ C:\WINDOWS\system32\awtsPhhg.dll
2008-05-16 22:24:17 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-16 22:24:12 29824 --a------ C:\WINDOWS\system32\cbXOfdBQ.dll
2008-05-16 22:24:06 81920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-16 22:24:05 212992 --a------ C:\WINDOWS\vbksrofa.dll
2008-05-16 22:22:55 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
-- Find3M Report ---------------------------------------------------------------
2008-05-15 22:24:25 0 d-------- C:\Program Files\LimeWire
2008-05-07 16:32:31 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-05-07 16:26:25 50288 --a----c- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-05-05 17:17:18 0 d-------- C:\Program Files\iTunes
2008-05-05 17:15:44 0 d-------- C:\Program Files\iPod
2008-05-05 17:11:30 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{791699A3-79E5-404E-947F-68FB1D4E57BD}]
05/16/2008 10:28 PM 317824 --a------ C:\WINDOWS\system32\awtsPhhg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e435bda0"="C:\WINDOWS\system32\ymninydj.dll" [06/14/2008 12:14 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/14/2008 11:22 AM 15360 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsPhhg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmT63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsX62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsX63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\weJ85.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm51.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkq30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqw27.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c109d842-bda1-11db-b529-0050da21e74c}]
AutoRun\command- fooool.exe
explore\Command- fooool.exe
open\Command- fooool.exe
*Newly Created Service* - MBAMCATCHME
-- End of Deckard's System Scanner: finished at 2008-06-14 13:00:54 ------------