I just joined the Virtumonde Train

E

emschultz

New member
Hello there folks. I am a new member and I just found out I could receive help here. And for your viewing pleasure I shall lend you my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:41 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\iTunes\iTunesHelper.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Last.fm\LastFM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {86deebe4-1377-df89-5a14-2578b183a6e4} - {4e6a381b-8752-41a5-98fd-77314ebeed68} - C:\WINDOWS\system32\fwdhnx.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcYoPGy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7f801757-b30a-4405-931e-0f605e5cee45} - C:\WINDOWS\system32\fizelugo.dll
O2 - BHO: (no name) - {EFB41B8D-1EC2-498E-A185-4662C33609CD} - C:\WINDOWS\system32\xxyvsTkj.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [papigiyupe] Rundll32.exe "C:\WINDOWS\system32\fawuruvo.dll",s
O4 - HKLM\..\Run: [eb6d77c6] rundll32.exe "C:\WINDOWS\system32\nguqamab.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKUS\S-1-5-19\..\Run: [papigiyupe] Rundll32.exe "C:\WINDOWS\system32\fawuruvo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [papigiyupe] Rundll32.exe "C:\WINDOWS\system32\fawuruvo.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216251414875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\vajozesi.dll fwdhnx.dll
O20 - Winlogon Notify: efcYoPGy - C:\WINDOWS\SYSTEM32\efcYoPGy.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7582 bytes

Thanks for any and all help you folks may have for me.
 
two days ago, i decided to run virtumundobegone to see if that may help and ill post the log from that now.

[12/21/2008, 19:39:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\eric\Desktop\VirtumundoBeGone.exe" )
[12/21/2008, 19:40:07] - Detected System Information:
[12/21/2008, 19:40:07] - Windows Version: 5.1.2600, Service Pack 3
[12/21/2008, 19:40:07] - Current Username: eric (Admin)
[12/21/2008, 19:40:07] - Windows is in NORMAL mode.
[12/21/2008, 19:40:07] - Searching for Browser Helper Objects:
[12/21/2008, 19:40:07] - BHO 1: {2705D56B-F13E-4067-A223-0693DC74F296} ()
[12/21/2008, 19:40:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:07] - Checking for HKLM\...\Winlogon\Notify\xxyvsTkj
[12/21/2008, 19:40:07] - Key not found: HKLM\...\Winlogon\Notify\xxyvsTkj, continuing.
[12/21/2008, 19:40:07] - BHO 2: {4e6a381b-8752-41a5-98fd-77314ebeed68} ()
[12/21/2008, 19:40:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:07] - Checking for HKLM\...\Winlogon\Notify\fwdhnx
[12/21/2008, 19:40:07] - Key not found: HKLM\...\Winlogon\Notify\fwdhnx, continuing.
[12/21/2008, 19:40:07] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/21/2008, 19:40:07] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/21/2008, 19:40:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:07] - Checking for HKLM\...\Winlogon\Notify\efcYoPGy
[12/21/2008, 19:40:07] - Found: HKLM\...\Winlogon\Notify\efcYoPGy - This is probably Virtumundo.
[12/21/2008, 19:40:07] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/21/2008, 19:40:07] - BHO list has been changed! Starting over...
[12/21/2008, 19:40:07] - BHO 1: {2705D56B-F13E-4067-A223-0693DC74F296} ()
[12/21/2008, 19:40:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:07] - Checking for HKLM\...\Winlogon\Notify\xxyvsTkj
[12/21/2008, 19:40:07] - Key not found: HKLM\...\Winlogon\Notify\xxyvsTkj, continuing.
[12/21/2008, 19:40:07] - BHO 2: {4e6a381b-8752-41a5-98fd-77314ebeed68} ()
[12/21/2008, 19:40:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:08] - Checking for HKLM\...\Winlogon\Notify\fwdhnx
[12/21/2008, 19:40:08] - Key not found: HKLM\...\Winlogon\Notify\fwdhnx, continuing.
[12/21/2008, 19:40:08] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/21/2008, 19:40:08] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[12/21/2008, 19:40:08] - ALERT: Found MSEvents Object!
[12/21/2008, 19:40:08] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/21/2008, 19:40:08] - BHO 6: {7f801757-b30a-4405-931e-0f605e5cee45} ()
[12/21/2008, 19:40:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:08] - Checking for HKLM\...\Winlogon\Notify\fizelugo
[12/21/2008, 19:40:08] - Key not found: HKLM\...\Winlogon\Notify\fizelugo, continuing.
[12/21/2008, 19:40:08] - Finished Searching Browser Helper Objects
[12/21/2008, 19:40:08] - *** Detected MSEvents Object
[12/21/2008, 19:40:08] - Trying to remove MSEvents Object...
[12/21/2008, 19:40:09] - Terminating Process: IEXPLORE.EXE
[12/21/2008, 19:40:09] - Terminating Process: RUNDLL32.EXE
[12/21/2008, 19:40:10] - Disabling Automatic Shell Restart
[12/21/2008, 19:40:10] - Terminating Process: EXPLORER.EXE
[12/21/2008, 19:40:10] - Suspending the NT Session Manager System Service
[12/21/2008, 19:40:11] - Terminating Windows NT Logon/Logoff Manager
[12/21/2008, 19:40:11] - Re-enabling Automatic Shell Restart
[12/21/2008, 19:40:11] - File to disable: C:\WINDOWS\system32\efcYoPGy.dll
[12/21/2008, 19:40:11] - Renaming C:\WINDOWS\system32\efcYoPGy.dll -> C:\WINDOWS\system32\efcYoPGy.dll.vir
[12/21/2008, 19:40:12] - File successfully renamed!
[12/21/2008, 19:40:12] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/21/2008, 19:40:12] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/21/2008, 19:40:12] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/21/2008, 19:40:12] - Deleting ATLEvents/MSEvents Registry entries
[12/21/2008, 19:40:12] - Removing HKLM\...\Winlogon\Notify\efcYoPGy
[12/21/2008, 19:40:13] - Searching for Browser Helper Objects:
[12/21/2008, 19:40:13] - BHO 1: {2705D56B-F13E-4067-A223-0693DC74F296} ()
[12/21/2008, 19:40:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:13] - Checking for HKLM\...\Winlogon\Notify\xxyvsTkj
[12/21/2008, 19:40:13] - Key not found: HKLM\...\Winlogon\Notify\xxyvsTkj, continuing.
[12/21/2008, 19:40:13] - BHO 2: {4e6a381b-8752-41a5-98fd-77314ebeed68} ()
[12/21/2008, 19:40:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:13] - Checking for HKLM\...\Winlogon\Notify\fwdhnx
[12/21/2008, 19:40:13] - Key not found: HKLM\...\Winlogon\Notify\fwdhnx, continuing.
[12/21/2008, 19:40:13] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/21/2008, 19:40:13] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/21/2008, 19:40:13] - BHO 5: {7f801757-b30a-4405-931e-0f605e5cee45} ()
[12/21/2008, 19:40:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:40:13] - Checking for HKLM\...\Winlogon\Notify\fizelugo
[12/21/2008, 19:40:13] - Key not found: HKLM\...\Winlogon\Notify\fizelugo, continuing.
[12/21/2008, 19:40:13] - Finished Searching Browser Helper Objects
[12/21/2008, 19:40:14] - Finishing up...
[12/21/2008, 19:40:14] - A restart is needed.
[12/21/2008, 19:40:45] - Attempting to Restart via STOP error (Blue Screen!)

[12/21/2008, 19:48:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\eric\Desktop\VirtumundoBeGone.exe" )
[12/21/2008, 19:48:55] - Detected System Information:
[12/21/2008, 19:48:55] - Windows Version: 5.1.2600, Service Pack 3
[12/21/2008, 19:48:55] - Current Username: eric (Admin)
[12/21/2008, 19:48:55] - Windows is in NORMAL mode.
[12/21/2008, 19:48:55] - Searching for Browser Helper Objects:
[12/21/2008, 19:48:55] - BHO 1: {4e6a381b-8752-41a5-98fd-77314ebeed68} ()
[12/21/2008, 19:48:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:48:55] - Checking for HKLM\...\Winlogon\Notify\fwdhnx
[12/21/2008, 19:48:55] - Key not found: HKLM\...\Winlogon\Notify\fwdhnx, continuing.
[12/21/2008, 19:48:55] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/21/2008, 19:48:55] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/21/2008, 19:48:55] - BHO 4: {7f801757-b30a-4405-931e-0f605e5cee45} ()
[12/21/2008, 19:48:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:48:55] - Checking for HKLM\...\Winlogon\Notify\fizelugo
[12/21/2008, 19:48:55] - Key not found: HKLM\...\Winlogon\Notify\fizelugo, continuing.
[12/21/2008, 19:48:55] - BHO 5: {C613D6B3-F4E3-4454-8594-8C6EE57144E6} ()
[12/21/2008, 19:48:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/21/2008, 19:48:56] - Checking for HKLM\...\Winlogon\Notify\xxyvsTkj
[12/21/2008, 19:48:56] - Key not found: HKLM\...\Winlogon\Notify\xxyvsTkj, continuing.
[12/21/2008, 19:48:56] - Finished Searching Browser Helper Objects
[12/21/2008, 19:48:56] - Finishing up...
[12/21/2008, 19:48:56] - Nothing found! Exiting...

and then just now my computer froze and i restarted it and i received an error message stating "Error loading C:\WINDOWS\system32\fawuruvo.dll The specified module could not be found."

hopefully this shall help you.
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

I apologize for the wait, volunteers are swamped at all forums with infected computers. If you have resolved your issues, please post to let me know so I can close this topic.
Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
Click to expand...
Do NOT run 'FIXES' before helpers have analyzed the HJT log
http://forums.spybot.info/showthread.php?t=16806
Click to expand...

If you still need help, read the directions and follow them. Since this log is a week old, post a fresh HJT log, describe any symptoms, post any error messages word for word and add any comments you think will help.

Thanks
 
updated hjt log

here is the updated hjt log as you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:20 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\iTunes\iTunesHelper.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\uTorrent\uTorrent.exe
e:\Program Files\VideoLAN\VLC\vlc.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7f801757-b30a-4405-931e-0f605e5cee45} - C:\WINDOWS\system32\benuyopa.dll
O2 - BHO: (no name) - {E477CF3B-7BE4-49BD-BC9F-F20B4787FC1E} - C:\WINDOWS\system32\xxyvsTkj.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [papigiyupe] Rundll32.exe "C:\WINDOWS\system32\wilumoni.dll",s
O4 - HKLM\..\Run: [eb6d77c6] rundll32.exe "C:\WINDOWS\system32\mugugusu.dll",b
O4 - HKLM\..\Run: [CPMe85e445a] Rundll32.exe "C:\WINDOWS\system32\kezahopi.dll",a
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216251414875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kilitajo.dll c:\windows\system32\kezahopi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezahopi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezahopi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6995 bytes
 
describe any symptoms, post any error messages word for word and add any comments you think will help.
Click to expand...
Hard for me to believe that you have an infected computer and nothing to say?

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
 
I apologize for not mentioning extra symptoms. If you are still curious, my computer would generate many pop-ups, my processor would occasionally slow, and my avast! would tell me that I had different .dll's infected with trojans. I'm also sorry for not being able to put any of the error messages I had up as they are not showing up at this time.

Here is the combofix.txt:

ComboFix 08-12-28.01 - eric 2008-12-28 17:52:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1410 [GMT -5:00]
Running from: c:\documents and settings\eric\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081228-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\eric\Application Data\inst.exe
c:\windows\system32\akiwifef.ini
c:\windows\system32\bamaqugn.ini
c:\windows\system32\benuyopa.dll
c:\windows\system32\byjsycwa.ini
c:\windows\system32\cotcax.dll
c:\windows\system32\dabivomi.dll
c:\windows\system32\degdchhm.dll
c:\windows\system32\dokelazi.dll
c:\windows\system32\efcYoPGy.dll.vir
c:\windows\system32\enanowan.ini
c:\windows\system32\enurubof.ini
c:\windows\system32\etejulin.ini
c:\windows\system32\fahihufo.dll
c:\windows\system32\fihonabe.dll
c:\windows\system32\foburune.dll
c:\windows\system32\fwdhnx.dll
c:\windows\system32\geligehu.dll
c:\windows\system32\gisekaki.dll
c:\windows\system32\gvlhgj.dll
c:\windows\system32\ifofigit.ini
c:\windows\system32\ifoyikun.ini
c:\windows\system32\ikakesig.ini
c:\windows\system32\iniduzug.ini
c:\windows\system32\iymvpioh.dll
c:\windows\system32\jasafusa.dll
c:\windows\system32\jkTsvyxx.ini
c:\windows\system32\jkTsvyxx.ini2
c:\windows\system32\jojufoho.dll
c:\windows\system32\jqoqexaa.ini
c:\windows\system32\kezahopi.dll
c:\windows\system32\kilitajo.dll
c:\windows\system32\ljJCtrPj.dll
c:\windows\system32\mugugusu.dll
c:\windows\system32\nexhiz.dll
c:\windows\system32\nilujete.dll
c:\windows\system32\nukiyofi.dll
c:\windows\system32\ofuhihaf.ini
c:\windows\system32\ohofujoj.ini
c:\windows\system32\pdvgyvmj.ini
c:\windows\system32\pmgcqsmn.dll
c:\windows\system32\seruyone.dll
c:\windows\system32\tasijapo.dll
c:\windows\system32\tepusiga.dll
c:\windows\system32\tigifofi.dll
c:\windows\system32\tusiheku.dll
c:\windows\system32\ugurobow.ini
c:\windows\system32\uhegileg.ini
c:\windows\system32\ukehisut.ini
c:\windows\system32\usugugum.ini
c:\windows\system32\uvipiluz.ini
c:\windows\system32\uyohugir.ini
c:\windows\system32\vopereso.dll
c:\windows\system32\wblskprv.ini
c:\windows\system32\wilumoni.dll
c:\windows\system32\woborugu.dll
c:\windows\system32\yafpubpv.dll
c:\windows\system32\yukefoya.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-28 00:36 . 2008-12-27 10:17 96,026 --------- c:\windows\system32\trz56.tmp
2008-12-21 19:24 . 2008-12-21 19:24 <DIR> d-------- C:\VundoFix Backups
2008-12-20 12:56 . 2008-12-20 14:14 149 --a------ c:\windows\wininit.ini
2008-12-15 12:05 . 2008-12-15 12:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-12-15 12:04 . 2008-12-15 12:04 <DIR> d-------- c:\program files\BFG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-28 22:28 --------- d-----w c:\documents and settings\eric\Application Data\uTorrent
2008-12-26 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-26 21:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-16 20:28 --------- d-----w c:\documents and settings\eric\Application Data\OpenOffice.org2
2008-12-13 02:22 --------- d-----w c:\documents and settings\eric\Application Data\Vso
2008-11-26 08:35 --------- d-----w c:\program files\iPod
2008-11-26 08:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 08:35 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 08:33 --------- d-----w c:\program files\QuickTime
2008-08-07 20:55 47,360 ----a-w c:\documents and settings\eric\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-09-20 19:07 80,896 --sha-w c:\windows\system32\jiweyiyi.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"e:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA_server.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"e:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-16 20560]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\DRIVERS\wg311nd5.sys [2008-07-16 344448]
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2008-07-16 16194]
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-28 c:\windows\Tasks\mbaqwynl.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-12-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- e:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]

2008-12-22 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- e:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-07 08:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7f801757-b30a-4405-931e-0f605e5cee45} - c:\windows\system32\benuyopa.dll
BHO-{E477CF3B-7BE4-49BD-BC9F-F20B4787FC1E} - c:\windows\system32\xxyvsTkj.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {501377E0-3AA2-466E-AC82-2D93D753F775} = 4.2.2.1

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\qocdmcq6.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - component: c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\qocdmcq6.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 17:55:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-12-28 17:57:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 22:57:48

Pre-Run: 21,378,748,416 bytes free
Post-Run: 21,430,960,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

215 --- E O F --- 2008-12-21 21:03:25

and here is the updated hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:49 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216251414875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 5982 bytes

And here is my uninstall list:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AIM 6
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
avast! Antivirus
Bonjour
ConvertXtoDVD 3.1.3.40
FoxyTunes for Firefox
GameSpy Arcade
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 4
Last.fm 1.5.2.38918
Logitech Audio Echo Cancellation Component
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MVision
MVision
NETGEAR WG311 Wireless PCI Adapter
OpenOffice.org 2.4
Peggle (remove only)
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SoundMAX
Spybot - Search & Destroy
SUPER © Version 2008.bld.32 (July 8, 2008)
System Requirements Lab
Uniblue RegistryBooster 2
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VideoLAN VLC media player 0.8.6i
Virtual DJ - Atomix Productions
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
 
OK and thanks for that feedback, I have found these remote repairs go better if there is some communication.
You can see under "Other Deletions" the junk that was causing your problems. Please read and follow the directions carefully and in the numbered order.

uTorrent <<< p2p program, see this:
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Click to expand...
I will scheduled removal with combofix, you may remove it from the fix but I would have to suspend all help at that point.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\windows\system32\trz56.tmp
c:\windows\system32\jiweyiyi.dll
c:\windows\Tasks\mbaqwynl.job

Folder::
C:\VundoFix Backups
c:\documents and settings\All Users\Application Data\Trymedia
c:\documents and settings\eric\Application Data\uTorrent
c:\documents and settings\All Users\Application Data\Viewpoint

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

4) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript and the log from MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks

This can be done as time permits, but it is very important.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Java(TM) 6 Update 4 <<< out of date and dangerous, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
 
Thanks for all your help. My computer seems to be working quite well now!

Here is the combofix.txt:

ComboFix 08-12-28.01 - eric 2008-12-28 19:00:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1482 [GMT -5:00]
Running from: c:\documents and settings\eric\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\eric\Desktop\cfscript.txt
AV: avast! antivirus 4.8.1296 [VPS 081228-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\jiweyiyi.dll
c:\windows\system32\trz56.tmp
c:\windows\Tasks\mbaqwynl.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Trymedia
c:\documents and settings\All Users\Application Data\Trymedia\data\{6C4C809E-1E66-035D-0092-4FC35BEB81EC}
c:\documents and settings\All Users\Application Data\Trymedia\data\{6DF076E0-A580-4015-C574-62F36B5A6192}
c:\documents and settings\All Users\Application Data\Trymedia\data\{B3213584-C4F7-3953-52CA-73ED2CC9EF6F}
c:\documents and settings\All Users\Application Data\Trymedia\data\{FDDA6471-7CA6-492E-BF27-96C6829429C5}
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\eric\Application Data\uTorrent
c:\documents and settings\eric\Application Data\uTorrent\2001 - Petestrumentals - Pete Rock.torrent
c:\documents and settings\eric\Application Data\uTorrent\30 Days Of Night.torrent
c:\documents and settings\eric\Application Data\uTorrent\30.Days.Of.Night[2007]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\311 Discography.1.torrent
c:\documents and settings\eric\Application Data\uTorrent\311 Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\3OH!3.torrent
c:\documents and settings\eric\Application Data\uTorrent\9th_Wonder_&_Murs-Sweet_Lord-2008-MIXFIEND.torrent
c:\documents and settings\eric\Application Data\uTorrent\A Very Great Selection Of The Electronic Dance Music [by ModestasM].torrent
c:\documents and settings\eric\Application Data\uTorrent\Afterdark.torrent
c:\documents and settings\eric\Application Data\uTorrent\Alan Moore's The Watchmen.torrent
c:\documents and settings\eric\Application Data\uTorrent\Amon Amarth - Twilight of the Thunder God (2008).torrent
c:\documents and settings\eric\Application Data\uTorrent\Armin van Buuren - A COMPLETE State of Trance 2006.torrent
c:\documents and settings\eric\Application Data\uTorrent\Atmosphere.torrent
c:\documents and settings\eric\Application Data\uTorrent\Atomix Virtual DJ Professional 5.0 rev6.torrent
c:\documents and settings\eric\Application Data\uTorrent\Batman the animated series - Complete all in DIVX format.torrent
c:\documents and settings\eric\Application Data\uTorrent\Billy Idol-Greatest Hits-2001.torrent
c:\documents and settings\eric\Application Data\uTorrent\Bloc Party - 3 Albums [CHANNEL NEO].torrent
c:\documents and settings\eric\Application Data\uTorrent\Broken Social Scene - Broken Social Scene [Limited Edition] [2005].torrent
c:\documents and settings\eric\Application Data\uTorrent\buckshot and 9th wonder - the formula - 2008.torrent
c:\documents and settings\eric\Application Data\uTorrent\Burn Notice ipod.torrent
c:\documents and settings\eric\Application Data\uTorrent\Burn Notice S02E05 iPod.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Burn Notice S02E06 Bad Blood iPod.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Burn Notice S02E07 Rough Seas iPod.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Burn Notice S02E08 Double Booked.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Burn Notice S02E09 Good Soldier iPod.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Charlie Bartlett[2007]DvDrip[Eng]-FXG.torrent
c:\documents and settings\eric\Application Data\uTorrent\Citizen Cope.torrent
c:\documents and settings\eric\Application Data\uTorrent\Courage the Cowardly Dog.torrent
c:\documents and settings\eric\Application Data\uTorrent\De La Soul.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E02.Finding.Freebo.640kbps.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E03.640kbps.The.Lion.Sleeps.Tonight.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E04.640Kbps.All.in.the.Family.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E05.640kbps.Turning.Biminese.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E06.640kbps.Si.Se.Puede.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E07.640kbps.Easy.As.Pie.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E08.640kbps.The.Damage.A.Man.Can.Do.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E09.About.Last.Night.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E10.640kbps.Go.Your.Own.Way.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E11.640kbps.I.Had.A.Dream.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.S03E12.640kbps.Do.You.Take.Dexter.Morgan.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dexter.Season.2.Complete.torrent
c:\documents and settings\eric\Application Data\uTorrent\dht.dat
c:\documents and settings\eric\Application Data\uTorrent\dht.dat.old
c:\documents and settings\eric\Application Data\uTorrent\Dimmu Borgir - Discografia [www.heavytorrents.org].torrent
c:\documents and settings\eric\Application Data\uTorrent\Dj Tiesto.1.torrent
c:\documents and settings\eric\Application Data\uTorrent\Dj Tiesto.torrent
c:\documents and settings\eric\Application Data\uTorrent\DMartin.torrent
c:\documents and settings\eric\Application Data\uTorrent\Don't Tread On Me.torrent
c:\documents and settings\eric\Application Data\uTorrent\Doomsday[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Drillbit.Taylor[2008][Extended.Survival.Edition]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Duran Duran - Greatest.torrent
c:\documents and settings\eric\Application Data\uTorrent\Flight Of The Conchords - HBO One Night Stand.avi.torrent
c:\documents and settings\eric\Application Data\uTorrent\Flight of the Conchords Ultimate Pack.torrent
c:\documents and settings\eric\Application Data\uTorrent\Frank Miller.torrent
c:\documents and settings\eric\Application Data\uTorrent\Gabriel & Dresden.torrent
c:\documents and settings\eric\Application Data\uTorrent\Gabriel And Dresden - Gabriel And Dresden(2006) - Trance[www.zonatorrent.com].rar.torrent
c:\documents and settings\eric\Application Data\uTorrent\Gang Starr.torrent
c:\documents and settings\eric\Application Data\uTorrent\General Fiction.torrent
c:\documents and settings\eric\Application Data\uTorrent\Global.Underground.The.Full.Series - www.trancezone.tv.pl.torrent
c:\documents and settings\eric\Application Data\uTorrent\Guilty Gear.torrent
c:\documents and settings\eric\Application Data\uTorrent\Guitar Hero World Tour Soundtrack.torrent
c:\documents and settings\eric\Application Data\uTorrent\Hot Chip - Made In The Dark (2008).torrent
c:\documents and settings\eric\Application Data\uTorrent\Iron Man 2008 DVD Rip.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Iron Man[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\eric\Application Data\uTorrent\Jesse Cook - Frontiers(2007) - YeOR.torrent
c:\documents and settings\eric\Application Data\uTorrent\John Legend - Get Lifted.[2004].[www.pctrecords.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\John Legend - Once Again.[Special Edition].[2007].[www.pctrecords.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\John_Legend-Evolver-(Deluxe_Edition)-2008 Resource RG by TheReids.torrent
c:\documents and settings\eric\Application Data\uTorrent\Junior Senior - D-D-Don't Don't Stop The Beat.rar.torrent
c:\documents and settings\eric\Application Data\uTorrent\Justice - Cross (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Justice League (Unlimited).torrent
c:\documents and settings\eric\Application Data\uTorrent\Kiss.Kiss-Bang.Bang[2005]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Lars.And.The.Real.Girl[2007]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Layer.Cake.DvDrip[Eng].mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Lykke_Li-Youth_Novel-2008-TRAMPOLiN.torrent
c:\documents and settings\eric\Application Data\uTorrent\Masta Ace - Disposable Arts.torrent
c:\documents and settings\eric\Application Data\uTorrent\Metalocalypse-S02E15-[ENG][webrip]-Dethdad_ITALFYAH_.avi.torrent
c:\documents and settings\eric\Application Data\uTorrent\Metalocalypse-S02E17-[ENG][webrip]-Dethrecord_ITALFYAH_.avi.torrent
c:\documents and settings\eric\Application Data\uTorrent\Metalocalypse-S02E18-[ENG][webrip]-Black Fire Upon Us_ITALFYAH_.avi.torrent
c:\documents and settings\eric\Application Data\uTorrent\Metalocalypse.s02e16.PROPER.XviD-webRIP.torrent
c:\documents and settings\eric\Application Data\uTorrent\Mitch Hedberg.torrent
c:\documents and settings\eric\Application Data\uTorrent\Mitch_Hedberg-Do_You_Believe_In_Gosh-2008-FTD.torrent
c:\documents and settings\eric\Application Data\uTorrent\Mos Def - Complete Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\Murs - Murs For President (2008) - Hip Hop.torrent
c:\documents and settings\eric\Application Data\uTorrent\Negramaro - Mentre tutto scorre.torrent
c:\documents and settings\eric\Application Data\uTorrent\Newspaper Comics.torrent
c:\documents and settings\eric\Application Data\uTorrent\Night Watch (English Version) Dvd Rip..avi.torrent
c:\documents and settings\eric\Application Data\uTorrent\Nirvana - Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\Nirvana Lounge Vol.3 - La Corporacion.torrent
c:\documents and settings\eric\Application Data\uTorrent\Paprika [Xvid DVDRip Jap EngSub][h33t] - polabar.torrent
c:\documents and settings\eric\Application Data\uTorrent\Peggle Deluxe + Crack [Full Version].rar.torrent
c:\documents and settings\eric\Application Data\uTorrent\Peggle Nights from PopCap Games.zip.torrent
c:\documents and settings\eric\Application Data\uTorrent\Presto - Pixar (2008).avi.torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E01.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E02.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E03.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E04.640kbps.Frescorts.torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E05.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E06.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E07.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E08.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E09.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.S02E10.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Pushing.Daisies.Season.1.[iPodTVNova.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\Ra Ra Riot.1.torrent
c:\documents and settings\eric\Application Data\uTorrent\Ra Ra Riot.torrent
c:\documents and settings\eric\Application Data\uTorrent\Rambo[2008]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Ratatat - LP3 [2008].torrent
c:\documents and settings\eric\Application Data\uTorrent\ratatat discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\Religulous.2008.DVDSCR.765Kbps.[Videoseed.com].mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\resume.dat
c:\documents and settings\eric\Application Data\uTorrent\resume.dat.old
c:\documents and settings\eric\Application Data\uTorrent\rss.dat
c:\documents and settings\eric\Application Data\uTorrent\rss.dat.old
c:\documents and settings\eric\Application Data\uTorrent\Rush.torrent
c:\documents and settings\eric\Application Data\uTorrent\serials.torrent
c:\documents and settings\eric\Application Data\uTorrent\settings.dat
c:\documents and settings\eric\Application Data\uTorrent\settings.dat.old
c:\documents and settings\eric\Application Data\uTorrent\Slightly Stoopid, The Complete.torrent
c:\documents and settings\eric\Application Data\uTorrent\Slightly_Stoopid-Closer_To_The_Sun-2005-KG.torrent
c:\documents and settings\eric\Application Data\uTorrent\Smashing Pumpkins.torrent
c:\documents and settings\eric\Application Data\uTorrent\Speed Racer DVD Rip.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Speed.Racer[2008]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Stars - Do You Trust Your Friends [2007].torrent
c:\documents and settings\eric\Application Data\uTorrent\Street.Kings[2008]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Sufjan Stevens - Come On Feel The Illinoise (2005).torrent
c:\documents and settings\eric\Application Data\uTorrent\Swat Kats (high quality).torrent
c:\documents and settings\eric\Application Data\uTorrent\Sweatshop Union.torrent
c:\documents and settings\eric\Application Data\uTorrent\SXSW_2006_Showcasing_Artists_-_Release_1.torrent
c:\documents and settings\eric\Application Data\uTorrent\Tears For Fears - Greatest Hits 82-92 [1992].1.torrent
c:\documents and settings\eric\Application Data\uTorrent\Tears For Fears - Greatest Hits 82-92 [1992].torrent
c:\documents and settings\eric\Application Data\uTorrent\The Bird and the Bee.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Expendables.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Fall TvOpt.mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Office - UK - Session 1 & 2 - Infinite Pirate.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Office Season 1.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Office Season 2.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Office Season 3.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Office Season 4.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Offspring Full discography, 7 albums.torrent
c:\documents and settings\eric\Application Data\uTorrent\The Who - Discography (Mp3@320Kbps).torrent
c:\documents and settings\eric\Application Data\uTorrent\The Who 20 CD Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Dark.Knight.2008.DVDRip.897Kbps.[Videoseed.com].mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Dark.Knight[2008]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Incredible.Hulk[2008]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E01.[iPodTVNova.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E02.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E03.640kbps.Baby.Shower.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E04.640kbps.Crime.Aid.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E05.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E06.640kbps.Customer.Survey.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E07.640kbps.Business.Trip.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E08.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E10.iPod-Opt.[Videoseed.com].1.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E10.iPod-Opt.[Videoseed.com].2.torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office.S05E10.iPod-Opt.[Videoseed.com].torrent
c:\documents and settings\eric\Application Data\uTorrent\The.Office[UK.Xmas.Special]DVDrip-PsyCoSys.torrent
c:\documents and settings\eric\Application Data\uTorrent\The_Bouncing_Souls-The_Gold_Record-2006-tLOC.torrent
c:\documents and settings\eric\Application Data\uTorrent\Tom Tykwer - Run Lola Run DVD rip english subtitles original fom DVD built in.torrent
c:\documents and settings\eric\Application Data\uTorrent\Top 100 Trance and Techno Party Songs of All Time.torrent
c:\documents and settings\eric\Application Data\uTorrent\Trans-Siberian Orchestra Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\Transporter.3.2008.R5.895Kbps.[Videoseed.com].mp4.torrent
c:\documents and settings\eric\Application Data\uTorrent\utorrent.lng
c:\documents and settings\eric\Application Data\uTorrent\V for Vendetta.torrent
c:\documents and settings\eric\Application Data\uTorrent\VA-In_Search_Of_Sunrise_7_Asia__Mixed_By_Tiesto__Armani_Exchange_Limited_Edition-3CD-2008-TRANCEZONE.torrent
c:\documents and settings\eric\Application Data\uTorrent\VA-Ultra.Dance_09-2CD-2008-C4.torrent
c:\documents and settings\eric\Application Data\uTorrent\Virtual DJ Add-ons Mega Pack.torrent
c:\documents and settings\eric\Application Data\uTorrent\VSO ConvertXtoDVD 3.1.3.40+keygen.torrent
c:\documents and settings\eric\Application Data\uTorrent\Wall-E[2008]DvDrip-aXXo.torrent
c:\documents and settings\eric\Application Data\uTorrent\Will Smith Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\Xploding Plastix Discography.torrent
c:\documents and settings\eric\Application Data\uTorrent\Yeah Yeah Yeahs - Fever to Tell (2003) [MP3-192].torrent
C:\VundoFix Backups
c:\windows\system32\jiweyiyi.dll
c:\windows\system32\trz56.tmp
c:\windows\Tasks\mbaqwynl.job

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-20 12:56 . 2008-12-20 14:14 149 --a------ c:\windows\wininit.ini
2008-12-15 12:04 . 2008-12-15 12:04 <DIR> d-------- c:\program files\BFG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-26 21:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-16 20:28 --------- d-----w c:\documents and settings\eric\Application Data\OpenOffice.org2
2008-12-13 02:22 --------- d-----w c:\documents and settings\eric\Application Data\Vso
2008-11-26 08:35 --------- d-----w c:\program files\iPod
2008-11-26 08:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 08:35 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 08:33 --------- d-----w c:\program files\QuickTime
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-08-07 20:55 47,360 ----a-w c:\documents and settings\eric\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"e:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA_server.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"e:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-16 20560]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\DRIVERS\wg311nd5.sys [2008-07-16 344448]
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2008-07-16 16194]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- e:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]

2008-12-22 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- e:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-07 08:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {501377E0-3AA2-466E-AC82-2D93D753F775} = 4.2.2.1

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\qocdmcq6.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - component: c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\qocdmcq6.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 19:01:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-28 19:01:54
ComboFix-quarantined-files.txt 2008-12-29 00:01:51
ComboFix2.txt 2008-12-28 22:57:53

Pre-Run: 21,453,565,952 bytes free
Post-Run: 21,454,426,112 bytes free

322 --- E O F --- 2008-12-21 21:03:25

and the malwarebyte anti-malware log:

Malwarebytes' Anti-Malware 1.31
Database version: 1563
Windows 5.1.2600 Service Pack 3

12/28/2008 7:31:27 PM
mbam-log-2008-12-28 (19-31-27).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 98976
Time elapsed: 18 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 64

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\cotcax.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\degdchhm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dokelazi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcYoPGy.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fahihufo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fihonabe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\foburune.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fwdhnx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geligehu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gisekaki.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iymvpioh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jiweyiyi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jojufoho.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kezahopi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJCtrPj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mugugusu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nexhiz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nilujete.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nukiyofi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmgcqsmn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\seruyone.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tasijapo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tepusiga.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tigifofi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\trz56.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tusiheku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\woborugu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yukefoya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP182\A0026786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP183\A0026828.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP184\A0026847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP185\A0027133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP186\A0028134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP187\A0028174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP187\A0028211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP187\A0028216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP192\A0028344.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP192\A0028350.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028448.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028449.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028456.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028458.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028471.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028472.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028479.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028480.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028481.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028482.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028483.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP193\A0028496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D72C9573-DD91-420C-90D2-F95D0C2E90F8}\RP194\A0028591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

and finally another hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:16 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: Secunia PSI.lnk = E:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216251414875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{501377E0-3AA2-466E-AC82-2D93D753F775}: NameServer = 4.2.2.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6297 bytes
 
Everything looks good as far as I can see, thanks for the feedback:bigthumb:

Let's proceed like this and see how it goes:

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

CF_Cleanup.png


Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update Avast4 and scan the system, to be sure it is running right and scanning clean.

If all is well at this point, let me know and I will close the topic.


Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
 
You must log in or register to reply here.
Back
Top