Hello there
"Administrator" - Sun 03/25/2007 20:05:18 Service Pack 4
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Administrator\Desktop"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINNT\system32\vtsts.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\vsadd-in
((((((((((((((((((((((((((((((( Files Created from 2007-02-25 to 2007-03-25 ))))))))))))))))))))))))))))))))))
2007-03-25 19:13 88,340 --a------ C:\WINNT\system32\scdwaewv.exe
2007-03-25 19:12 88,340 --a------ C:\WINNT\system32\jyeoefqm.exe
2007-03-25 19:12 132,116 --a------ C:\WINNT\system32\sdsuwsgq.dll
2007-03-24 19:12 132,116 --a------ C:\WINNT\system32\sewaypvc.dll
2007-03-24 19:12 123,972 --a------ C:\WINNT\system32\rdrdgflc.dll
2007-03-24 19:11 88,340 --a------ C:\WINNT\system32\mwqlvuuk.exe
2007-03-24 19:11 777,572 ---hs---- C:\WINNT\system32\ststv.bak1
2007-03-24 19:11 48,660 --a------ C:\WINNT\system32\mdlwuefu.dll
2007-03-22 23:42 132,116 --a------ C:\WINNT\system32\iehbslpu.dll
2007-03-22 23:42 123,972 --a------ C:\WINNT\system32\nyyjgwwu.dll
2007-03-22 23:18 132,116 --a------ C:\WINNT\system32\ecqpcvak.dll
2007-03-22 23:18 123,972 --a------ C:\WINNT\system32\aacawjyg.dll
2007-03-22 23:03 <DIR> d-------- C:\VundoFix Backups
2007-03-22 22:40 123,972 --a------ C:\WINNT\system32\vivbontx.dll
2007-03-22 20:25 <DIR> d-------- C:\FOUND.000
2007-03-22 20:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-03-22 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-03-22 20:15 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-03-22 20:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-22 20:07 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-03-22 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-22 18:22 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-03-22 18:22 462,848 --a------ C:\WINNT\system32\msaatext.dll
2007-03-22 18:22 360,448 --a------ C:\WINNT\system32\oleacc.dll
2007-03-22 18:22 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
2007-03-22 18:22 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-22 18:06 123,972 --a------ C:\WINNT\system32\wyuowyux.dll
2007-03-21 18:22 <DIR> d-------- C:\OtsLabs
2007-03-21 18:06 773,070 ---hs---- C:\WINNT\system32\ijkmp.bak2
2007-03-21 17:32 3,426,072 --a------ C:\WINNT\system32\d3dx9_32.dll
2007-03-21 17:32 2,414,360 --a------ C:\WINNT\system32\d3dx9_31.dll
2007-03-21 17:32 2,297,552 --a------ C:\WINNT\system32\d3dx9_26.dll
2007-03-21 17:31 974,848 --a------ C:\WINNT\system32\dxdiag.exe
2007-03-21 17:31 83,968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2007-03-21 17:31 68,096 --a------ C:\WINNT\system32\dsdmoprp.dll
2007-03-21 17:31 66,408 --a------ C:\WINNT\system32\dxdllreg.exe
2007-03-21 17:31 57,856 --a------ C:\WINNT\system32\dpwsockx.dll
2007-03-21 17:31 56,832 --a------ C:\WINNT\system32\drivers\msdv.sys
2007-03-21 17:31 53,248 --a------ C:\WINNT\system32\devenum.dll
2007-03-21 17:31 524,800 --a------ C:\WINNT\system32\qedit.dll
2007-03-21 17:31 480,256 --a------ C:\WINNT\system32\msvidctl.dll
2007-03-21 17:31 48,512 --a------ C:\WINNT\system32\drivers\stream.sys
2007-03-21 17:31 47,104 --a------ C:\WINNT\system32\wstdecod.dll
2007-03-21 17:31 386,048 --a------ C:\WINNT\system32\diactfrm.dll
2007-03-21 17:31 382,976 --a------ C:\WINNT\system32\qdvd.dll
2007-03-21 17:31 377,856 --a------ C:\WINNT\system32\dpnet.dll
2007-03-21 17:31 363,520 --a------ C:\WINNT\system32\dsound.dll
2007-03-21 17:31 354,816 --a------ C:\WINNT\system32\psisdecd.dll
2007-03-21 17:31 276,480 --a------ C:\WINNT\system32\qdv.dll
2007-03-21 17:31 265,728 --a------ C:\WINNT\system32\ddraw.dll
2007-03-21 17:31 230,400 --a------ C:\WINNT\system32\dplayx.dll
2007-03-21 17:31 22,016 --a------ C:\WINNT\system32\dpmodemx.dll
2007-03-21 17:31 203,264 --a------ C:\WINNT\system32\dpvoice.dll
2007-03-21 17:31 194,560 --a------ C:\WINNT\system32\mswebdvd.dll
2007-03-21 17:31 181,248 --a------ C:\WINNT\system32\dmime.dll
2007-03-21 17:31 18,688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2007-03-21 17:31 177,152 --a------ C:\WINNT\system32\qcap.dll
2007-03-21 17:31 166,400 --a------ C:\WINNT\system32\dinput8.dll
2007-03-21 17:31 16,896 --a------ C:\WINNT\system32\msyuv.dll
2007-03-21 17:31 16,384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2007-03-21 17:31 150,016 --a------ C:\WINNT\system32\dinput.dll
2007-03-21 17:31 15,104 --a------ C:\WINNT\system32\drivers\mpe.sys
2007-03-21 17:31 14,976 --a------ C:\WINNT\system32\drivers\streamip.sys
2007-03-21 17:31 11,392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2007-03-21 17:31 104,448 --a------ C:\WINNT\system32\dmusic.dll
2007-03-21 17:31 10,880 --a------ C:\WINNT\system32\drivers\slip.sys
2007-03-21 17:31 10,112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007-03-21 17:31 1,769,472 --a------ C:\WINNT\system32\dxdiagn.dll
2007-03-21 17:31 1,689,600 --a------ C:\WINNT\system32\d3d9.dll
2007-03-21 17:31 1,179,648 --a------ C:\WINNT\system32\d3d8.dll
2007-03-21 17:31 1,136,640 --a------ C:\WINNT\system32\quartz.dll
2007-03-21 17:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-03-21 16:38 759,166 ---hs---- C:\WINNT\system32\ijkmp.bak1
2007-03-21 16:33 26,697 --a------ C:\WINNT\system32\awtuuus.dll
2007-03-21 15:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\.wyzo
2007-03-12 18:36 <DIR> d-------- C:\Program Files\MySpace
2007-03-12 18:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MySpace
2007-03-06 22:34 50,176 --a------ C:\WINNT\system32\reg.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-25 00:00 4212 ---h----- C:\WINNT\system32\zllictbl.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MySpaceIM"="\"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"ASUS Probe"="\"C:\\Program Files\\ASUS\\Probe\\AsusProb.exe\""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"OASClnt"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\
wugroup REG_MULTI_SZ wuauserv\
BITSgroup REG_MULTI_SZ BITS\
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RASAUTO
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: Sun 2007-03-25 20:10:35
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:14:34 PM, on 3/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\hj.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {4D7C8A39-430F-4091-B9BF-3173DFA06DA0} - C:\WINNT\system32\awtuuus.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Probe\AsusProb.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtuuus - C:\WINNT\SYSTEM32\awtuuus.dll
O20 - Winlogon Notify: vtsts - C:\WINNT\system32\vtsts.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
Thanks Paul