cant get rid of virtumonde.prx plz help

black screen pops up

well first spybot for some reason is starting as soon as i start up computer and then after that a couple of black screens come up then goes to another screen after those go away and says system window 32 not found or not running not sure which it says
 
virtumonde.prx came back

my brother downloaded limewire behind my back he got the virus again i deleted limewire again sorry about this but i need ur help one more time hopefull this is the last time.
 
Hi Matt20
my brother downloaded limewire behind my back he got the virus again
Click to expand...

Things Happen,:D: don't worry about it.

re-run rsit and post back a fresh log.txt

Thanks peku006
 
k here it is

Logfile of random's system information tool 1.04 (written by random/random)
Run by Matt at 2008-10-08 22:13:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (68%) free of 76 GB
Total RAM: 1534 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:10 PM, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Matt.MATT-255781CAAD\Local Settings\Temporary Internet Files\Content.IE5\TM8CVFQU\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Matt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {03B8848D-EBB2-4445-A334-A07426609133} - C:\WINDOWS\system32\nnnKDVpO.dll (file missing)
O2 - BHO: (no name) - {059E7991-B67F-49F6-ADF9-71269613EC72} - C:\WINDOWS\system32\xxyvwWmM.dll (file missing)
O2 - BHO: (no name) - {08AB940A-A17A-4807-B039-71469C0DFB0C} - C:\WINDOWS\system32\cbXRKEwv.dll (file missing)
O2 - BHO: (no name) - {0B07F5FF-8B66-4367-99CC-2898CCEF6EF6} - C:\WINDOWS\system32\rqRJCUmL.dll (file missing)
O2 - BHO: (no name) - {1B017367-E279-4E75-BBCA-644AEC1146F5} - C:\WINDOWS\system32\iifgFxut.dll (file missing)
O2 - BHO: (no name) - {38EAE9DF-6F48-4852-BA72-E2D30D52E2D0} - C:\WINDOWS\system32\geBQJcBT.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7186704C-C78F-425D-80DC-17A8E83F246F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7bbd1924-b8a3-4b9b-8744-ce8b718640ff} - (no file)
O2 - BHO: (no name) - {7F583A2A-C70E-4124-8A99-86FB37376AA3} - C:\WINDOWS\system32\yayWnmMF.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O2 - BHO: (no name) - {D231A04C-D4B9-4598-A340-2B9477A68C30} - C:\WINDOWS\system32\efcCrSjg.dll (file missing)
O2 - BHO: (no name) - {FD448CF7-4807-4642-83A2-5C46F126A3ED} - C:\WINDOWS\system32\xxyawvWm.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [380352fe] rundll32.exe "C:\WINDOWS\system32\ibtkkqbn.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD7973] cmd /c del "C:\WINDOWS\system32\ibtkkqbn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4927] command /c del "C:\WINDOWS\system32\dbsdrera.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1872] cmd /c del "C:\WINDOWS\system32\dbsdrera.dll_old"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222087542765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...c9/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: jkkIXpMf - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 9092 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03B8848D-EBB2-4445-A334-A07426609133}]
C:\WINDOWS\system32\nnnKDVpO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{059E7991-B67F-49F6-ADF9-71269613EC72}]
C:\WINDOWS\system32\xxyvwWmM.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08AB940A-A17A-4807-B039-71469C0DFB0C}]
C:\WINDOWS\system32\cbXRKEwv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B07F5FF-8B66-4367-99CC-2898CCEF6EF6}]
C:\WINDOWS\system32\rqRJCUmL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B017367-E279-4E75-BBCA-644AEC1146F5}]
C:\WINDOWS\system32\iifgFxut.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38EAE9DF-6F48-4852-BA72-E2D30D52E2D0}]
C:\WINDOWS\system32\geBQJcBT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7186704C-C78F-425D-80DC-17A8E83F246F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bbd1924-b8a3-4b9b-8744-ce8b718640ff}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F583A2A-C70E-4124-8A99-86FB37376AA3}]
C:\WINDOWS\system32\yayWnmMF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-05 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-07-29 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-13 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53}]
CPub Object - C:\Program Files\FireTrust\SiteHound\SiteHound.dll [2008-03-13 1592416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D231A04C-D4B9-4598-A340-2B9477A68C30}]
C:\WINDOWS\system32\efcCrSjg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD448CF7-4807-4642-83A2-5C46F126A3ED}]
C:\WINDOWS\system32\xxyawvWm.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-05 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-07-29 2403392]
{73F7F495-A325-4C52-BE48-5F97FA511E89} - SiteHound - C:\Program Files\FireTrust\SiteHound\SiteHound.dll [2008-03-13 1592416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-29 1234712]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"380352fe"=C:\WINDOWS\system32\ibtkkqbn.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-01 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD7973"=cmd /c del C:\WINDOWS\system32\ibtkkqbn.dll_old []
"SpybotDeletingB4927"=command /c del C:\WINDOWS\system32\dbsdrera.dll_old []
"SpybotDeletingD1872"=cmd /c del C:\WINDOWS\system32\dbsdrera.dll_old []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkIXpMf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyvwWmM

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-08 10:14:57 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-08 10:14:50 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-10-08 10:04:43 ----D---- C:\Documents and Settings\Matt.MATT-255781CAAD\Application Data\SiteHound
2008-10-08 10:04:40 ----D---- C:\Program Files\FireTrust
2008-10-08 06:42:23 ----D---- C:\WINDOWS\Temp
2008-10-06 09:46:04 ----D---- C:\rsit
2008-10-06 08:28:48 ----D---- C:\Documents and Settings\Matt.MATT-255781CAAD\Application Data\Malwarebytes
2008-10-06 08:28:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 08:28:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-04 20:59:06 ----D---- C:\32788R22FWJFW
2008-10-02 06:45:21 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-02 06:45:20 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-25 08:39:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-20 10:40:30 ----D---- C:\Documents and Settings\Matt.MATT-255781CAAD\Application Data\Leadertech
2008-09-10 11:56:58 ----D---- C:\Program Files\Freeze.com
2008-09-10 06:59:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 06:58:39 ----D---- C:\Program Files\Bonjour
2008-09-10 05:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 05:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 16:48:13 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-09-09 16:48:13 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-09-09 16:48:13 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-09-09 16:48:13 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-09-09 16:48:09 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-09-09 16:48:08 ----A---- C:\WINDOWS\system32\kbd106.dll

======List of files/folders modified in the last 1 months======

2008-10-08 22:14:04 ----D---- C:\WINDOWS\Prefetch
2008-10-08 22:09:40 ----D---- C:\WINDOWS
2008-10-08 21:36:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-08 15:39:23 ----D---- C:\Program Files\LimeWire
2008-10-08 12:51:50 ----RAD---- C:\Program Files
2008-10-08 10:14:50 ----AD---- C:\WINDOWS\system32
2008-10-08 06:43:02 ----DC---- C:\WINDOWS\system32\dllcache
2008-10-08 06:42:55 ----D---- C:\WINDOWS\Help
2008-10-08 06:42:38 ----RSD---- C:\WINDOWS\Fonts
2008-10-08 06:42:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-06 09:06:04 ----HD---- C:\$AVG8.VAULT$
2008-10-06 08:36:24 ----A---- C:\WINDOWS\dellstat.ini
2008-10-06 08:30:23 ----D---- C:\WINDOWS\system32\drivers
2008-10-03 09:47:54 ----D---- C:\DELL
2008-10-02 16:27:07 ----HD---- C:\WINDOWS\inf
2008-10-02 16:17:46 ----SHD---- C:\WINDOWS\Installer
2008-10-02 16:17:46 ----SHD---- C:\Config.Msi
2008-10-02 09:42:47 ----D---- C:\Program Files\Trend Micro
2008-10-01 12:27:10 ----RSD---- C:\WINDOWS\assembly
2008-10-01 12:27:10 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-01 10:15:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-01 10:15:19 ----D---- C:\WINDOWS\WinSxS
2008-10-01 09:57:08 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-30 10:10:54 ----D---- C:\Documents and Settings
2008-09-29 08:34:25 ----SD---- C:\WINDOWS\Tasks
2008-09-28 19:09:35 ----A---- C:\WINDOWS\wininit.ini
2008-09-25 09:05:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-09-22 08:45:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-20 12:05:00 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 10:37:22 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-10 07:07:29 ----D---- C:\Program Files\Apple Software Update
2008-09-10 06:59:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-10 06:59:38 ----D---- C:\Program Files\iTunes
2008-09-10 06:59:25 ----D---- C:\Program Files\iPod
2008-09-10 06:58:16 ----D---- C:\Program Files\QuickTime
2008-09-10 05:01:26 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-05 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-05 76040]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 dlbu_device;dlbu_device; C:\WINDOWS\system32\dlbucoms.exe [2004-07-01 421888]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-29 138168]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
 
Hi Matt20

OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code: 
:processes
explorer.exe 
:files
C:\WINDOWS\system32\nnnKDVpO.dll
C:\WINDOWS\system32\xxyvwWmM.dll
C:\WINDOWS\system32\cbXRKEwv.dll 
C:\WINDOWS\system32\rqRJCUmL.dll 
C:\WINDOWS\system32\iifgFxut.dll 
C:\WINDOWS\system32\geBQJcBT.dll 
C:\WINDOWS\system32\yayWnmMF.dll 
C:\WINDOWS\system32\efcCrSjg.dll 
C:\WINDOWS\system32\xxyawvWm.dll 
C:\WINDOWS\system32\ibtkkqbn.dll 
C:\WINDOWS\system32\ibtkkqbn.dll_old
C:\WINDOWS\system32\dbsdrera.dll_old 
C:\WINDOWS\system32\dbsdrera.dll_old
C:\32788R22FWJFW
C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\WINDOWS\Temp

:reg 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03B8848D-EBB2-4445-A334-A07426609133}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{059E7991-B67F-49F6-ADF9-71269613EC72}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08AB940A-A17A-4807-B039-71469C0DFB0C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B07F5FF-8B66-4367-99CC-2898CCEF6EF6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B017367-E279-4E75-BBCA-644AEC1146F5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38EAE9DF-6F48-4852-BA72-E2D30D52E2D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7186704C-C78F-425D-80DC-17A8E83F246F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bbd1924-b8a3-4b9b-8744-ce8b718640ff}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F583A2A-C70E-4124-8A99-86FB37376AA3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D231A04C-D4B9-4598-A340-2B9477A68C30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD448CF7-4807-4642-83A2-5C46F126A3ED}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"380352fe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkIXpMf]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\  lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

:commands
[emptytemp] 
[start explorer]
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Then rerun Malwarebytes Anti-Malware like you did earlier......

Please reply with

1. the OTMoveIt3 Log
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log
 
ot moveit log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\nnnKDVpO.dll not found.
File/Folder C:\WINDOWS\system32\xxyvwWmM.dll not found.
File/Folder C:\WINDOWS\system32\cbXRKEwv.dll not found.
File/Folder C:\WINDOWS\system32\rqRJCUmL.dll not found.
File/Folder C:\WINDOWS\system32\iifgFxut.dll not found.
File/Folder C:\WINDOWS\system32\geBQJcBT.dll not found.
File/Folder C:\WINDOWS\system32\yayWnmMF.dll not found.
File/Folder C:\WINDOWS\system32\efcCrSjg.dll not found.
File/Folder C:\WINDOWS\system32\xxyawvWm.dll not found.
File/Folder C:\WINDOWS\system32\ibtkkqbn.dll not found.
File/Folder C:\WINDOWS\system32\ibtkkqbn.dll_old not found.
File/Folder C:\WINDOWS\system32\dbsdrera.dll_old not found.
File/Folder C:\WINDOWS\system32\dbsdrera.dll_old not found.
C:\32788R22FWJFW moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
C:\WINDOWS\Temp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03B8848D-EBB2-4445-A334-A07426609133}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{059E7991-B67F-49F6-ADF9-71269613EC72}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08AB940A-A17A-4807-B039-71469C0DFB0C}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B07F5FF-8B66-4367-99CC-2898CCEF6EF6}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B017367-E279-4E75-BBCA-644AEC1146F5}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38EAE9DF-6F48-4852-BA72-E2D30D52E2D0}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7186704C-C78F-425D-80DC-17A8E83F246F}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bbd1924-b8a3-4b9b-8744-ce8b718640ff}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F583A2A-C70E-4124-8A99-86FB37376AA3}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D231A04C-D4B9-4598-A340-2B9477A68C30}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD448CF7-4807-4642-83A2-5C46F126A3ED}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkIXpMf\\ deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\ lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\Perflib_Perfdata_9fc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\Perflib_Perfdata_a28.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\Perflib_Perfdata_e40.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_082646

Files moved on Reboot...
File C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\Perflib_Perfdata_9fc.dat not found!
File C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\Perflib_Perfdata_a28.dat not found!
File C:\DOCUME~1\MATT~1.MAT\LOCALS~1\Temp\Perflib_Perfdata_e40.dat not found!
 
malware

Malwarebytes' Anti-Malware 1.28
Database version: 1246
Windows 5.1.2600 Service Pack 3

10/9/2008 9:32:57 AM
mbam-log-2008-10-09 (09-32-57).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 166508
Time elapsed: 51 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\380352fe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:44 AM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [380352fe] rundll32.exe "C:\WINDOWS\system32\ibtkkqbn.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD7973] cmd /c del "C:\WINDOWS\system32\ibtkkqbn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4927] command /c del "C:\WINDOWS\system32\dbsdrera.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1872] cmd /c del "C:\WINDOWS\system32\dbsdrera.dll_old"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222087542765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...c9/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6594 bytes
 
Hi Matt20

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [380352fe] rundll32.exe "C:\WINDOWS\system32\ibtkkqbn.dll",b
      O4 - HKCU\..\RunOnce: [SpybotDeletingD7973] cmd /c del "C:\WINDOWS\system32\ibtkkqbn.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingB4927] command /c del "C:\WINDOWS\system32\dbsdrera.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingD1872] cmd /c del "C:\WINDOWS\system32\dbsdrera.dll_old"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
description of any problems you are having with your PC

Thanks peku006
 
Hi Matt20
Don´t worry if you don´t have those
Please do that online scan with Kaspersky

Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log


Thanks peku006
 
Hello!

Do you still need help

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!
 
Matt20, this topic has been archived due to inactivity.

As it has been five days or more since your last post, and your helper posted a response to which you did not reply, this topic has been archived and will not be reopened.

Thank you peku006. :)
 
You must log in or register to reply here.
Back
Top