Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs
Massive Virus Infection

DigitalTeardrops (Junior Member; Join Date: Jan 2008; Experience: Intermediate)
11-Jan-2008, 01:19 PM #1
Hello! I have been having several problems with my computer. In no particular order:

1. Internet Explorer keeps opening windows on its own.
2. Keep getting C:\windows\system32\pmkhe.exe, jkhhi.exe, ihhkj.ini, and several other error messages upon reboot.
3. Keep getting tmp1.tmp, tmp2.tmp and several others upon reboot.
4. I had several thousand viruses in a file called C:\upload that I did not make. I removed them with AntiVir.
5. I used to be able to use RegCleaner by Jouni Vuorio, but when I click on it nothing happens, yet I find it running in my processes.

I have tried to follow as many of the directions from other posts as I could. So far I have updated my Java and run AVG, Spybot, Ad-aware, SpywareBlaster, SuperAntiSpyware, Eusing Free Registry Cleaner, AntiVir, VundoFix and ComboFix.

Below I have included my HijackThis log, ComboFix.txt, and VundoFix.txt files.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:16 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {098E2088-BB60-4D0E-B3AD-B3BC77725BB1} - (no file)
O2 - BHO: (no name) - {4CB153C3-50FA-4F58-A0EE-AF8E4B53E785} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7a3621da-faaf-4e34-a8bc-2b13adebce2c} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {b290d939-4a4d-2988-82a4-c26c793baf8b} - {b8fab397-c62c-4a28-8892-d4a4939d092b} - (no file)
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {E3CA48EF-B727-4AB2-A544-4D6F02E22EB6} - (no file)
O2 - BHO: (no name) - {e9f09d6f-efaa-494b-b1f2-16c8bc64e107} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 7373 bytes

ComboFix 08-01-11.1 - Terrie Bradford 2008-01-11 11:39:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.582 [GMT -6:00]
Running from: C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\macromedia\Flash Player\#SharedObjects\HV6DHL9D\www.broadcaster.com
C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z9
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\My Documents\CURITY~1
D:\My Documents\MBOLS~1
D:\My Documents\MBOLS~1\ntvdm.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\-
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 11:45 . 2008-01-11 11:45 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-11 11:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 11:07 . 2008-01-11 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 10:37 . 2008-01-11 10:37 <DIR> d----c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\SUPERAntiSpyware.com
2008-01-11 10:37 . 2008-01-11 10:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-11 10:05 . 2008-01-11 10:05 3,584 --a------ C:\WINDOWS\system32\vturs.exe
2008-01-11 08:09 . 2008-01-11 10:29 <DIR> d----c--- C:\VundoFix Backups
2008-01-11 08:06 . 2008-01-11 08:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-11 08:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-11 07:31 . 2008-01-11 07:46 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-11 07:23 . 2008-01-11 07:23 <DIR> d-------- C:\Program Files\RegCleaner
2008-01-11 07:20 . 2008-01-11 07:20 3,584 --a------ C:\WINDOWS\system32\jkhhi.exe
2008-01-10 20:46 . 2008-01-10 20:49 8,192 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg
2008-01-10 20:41 . 2008-01-10 20:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-10 20:40 . 2008-01-10 20:40 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-10 20:40 . 2008-01-10 21:32 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-10 20:27 . 2008-01-10 20:42 <DIR> d-------- C:\WINDOWS\system32\svcd
2008-01-10 20:27 . 2008-01-10 20:27 34,816 --a--c--- C:\info.exe
2008-01-10 20:27 . 2008-01-10 20:29 114 --a------ C:\WINDOWS\system32\url3
2008-01-10 20:27 . 2008-01-10 20:29 102 --a------ C:\WINDOWS\system32\url2
2008-01-10 20:27 . 2008-01-10 20:29 102 --a------ C:\WINDOWS\system32\url1
2008-01-10 20:27 . 2008-01-10 20:29 8 --a------ C:\WINDOWS\system32\CID
2008-01-10 20:27 . 2008-01-10 20:27 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-10 19:21 . 2008-01-11 07:13 10,596 --ahs---- C:\WINDOWS\system32\ehkmp.ini2
2008-01-10 19:21 . 2008-01-11 07:13 10,596 --ahs---- C:\WINDOWS\system32\ehkmp.ini
2008-01-10 12:55 . 2008-01-10 12:55 <DIR> d-------- C:\Program Files\Avira
2008-01-10 12:55 . 2008-01-10 12:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-10 12:54 . 2008-01-10 12:54 796,033 ---hs---- C:\WINDOWS\dcdfgh.ini
2008-01-10 10:38 . 2008-01-11 11:01 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-10 10:38 . 2008-01-10 13:10 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-10 10:38 . 2008-01-10 10:44 <DIR> d-------- C:\WINDOWS\system32\ez4
2008-01-10 10:38 . 2008-01-11 11:01 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-10 10:38 . 2008-01-10 10:38 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-10 10:38 . 2008-01-10 10:38 86,016 --a------ C:\WINDOWS\system32\drivers\ipnatt.sys
2008-01-10 10:37 . 2008-01-10 11:50 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-09 17:54 . 2008-01-10 12:40 1,049,725 --ahs---- C:\WINDOWS\system32\guqlrmoj.ini
2008-01-08 17:49 . 2008-01-08 17:49 <DIR> d----c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\SorensonMedia
2008-01-08 16:31 . 2008-01-10 11:43 <DIR> d----c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\RegClean
2008-01-08 15:23 . 2008-01-08 16:19 <DIR> d----c--- C:\BFU
2008-01-06 18:40 . 2008-01-08 15:53 1,165,115 ---hs---- C:\WINDOWS\tuuvyb.ini
2008-01-06 16:47 . 2008-01-10 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 16:47 . 2008-01-06 16:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 15:22 . 2008-01-06 15:55 474 --ahs---- C:\WINDOWS\system32\xsfjgwyt.ini
2008-01-05 19:03 . 2008-01-05 19:04 834 ---hs---- C:\WINDOWS\xxycfe.ini
2008-01-05 15:25 . 2008-01-10 20:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-05 13:24 . 2008-01-08 15:07 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-04 21:46 . 2008-01-05 18:52 774 ---hs---- C:\WINDOWS\knorss.ini
2008-01-04 21:41 . 2008-01-04 21:41 474 ---hs---- C:\WINDOWS\eggihk.ini
2008-01-04 21:37 . 2008-01-04 21:37 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-04 21:34 . 2008-01-04 21:34 40,960 --a--c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\f.exe
2008-01-04 21:34 . 2008-01-04 21:34 134 --a--c--- C:\n.bat
2008-01-04 21:33 . 2008-01-10 22:53 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-04 21:32 . 2008-01-11 11:01 <DIR> d--hs---- C:\WINDOWS\VGVycmllIEJyYWRmb3Jk
2008-01-04 21:32 . 2008-01-11 11:01 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-04 21:32 . 2008-01-10 13:09 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-04 21:32 . 2008-01-04 21:32 249 --a------ C:\WINDOWS\system32\2734.bat
2008-01-04 21:31 . 2008-01-10 22:53 <DIR> d-------- C:\WINDOWS\system32\ardCo07
2008-01-03 17:57 . 2008-01-04 17:57 354 ---hs---- C:\WINDOWS\ghikmp.ini
2007-12-29 22:21 . 2007-12-29 22:21 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 16:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 14:06 --------- d-----w C:\Program Files\Java
2008-01-11 04:53 --------- d-----w C:\Program Files\QuickTime
2008-01-11 04:01 --------- dc----w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\AVG7
2008-01-11 04:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-01-11 01:25 --------- d-----w C:\Program Files\MySpace
2008-01-10 19:05 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-10 19:04 --------- d-----w C:\Program Files\Desktop
2008-01-08 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 21:34 --------- d-----w C:\Program Files\iTunes
2008-01-06 21:31 --------- d-----w C:\Program Files\Sony
2008-01-06 21:27 --------- dc----w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\Musicmatch
2008-01-06 21:27 --------- d-----w C:\Program Files\Musicmatch
2008-01-06 21:24 --------- d-----w C:\Program Files\Common Files\Adobe
2005-12-06 20:21 3,167,744 -c--a-w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\gosetup.exe
2005-12-03 17:48 105,680 -c--a-w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 06:19 56 --sha-r C:\WINDOWS\system32\B3821A2FDB.sys
2007-09-21 06:19 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
----a-w           256,576 2008-01-06 00:51:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2008-01-11 03:39:56  C:\Program Files\Messenger\msmsgs .exe
----a-w            15,360 2008-01-08 21:07:58  C:\WINDOWS\system32\ctfmon .exe
----a-w           155,648 2008-01-11 02:04:46  C:\WINDOWS\system32\NeroCheck .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-09-22 14:18 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2003-07-02 18:51 49152 C:\WINDOWS\mididef.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - D:\Common\Bin\WinCinemaMgr.exe [2006-04-25 17:10:48]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 ipnatt;ipnatt;C:\WINDOWS\system32\drivers\ipnatt.sys [2008-01-10 10:38]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 14:35]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 16:09]
S3 Lanmin6aff;Lanmin6aff;C:\WINDOWS\system32\mmc.exe [2004-08-04 01:56]
S3 Msksosar;Msksosar;C:\WINDOWS\system32\drivers\mssmbios.sys [2004-08-04 00:07]
S3 Mxsmaappp;Mxsmaappp;C:\WINDOWS\System32\drivers\nmnt.sys [2004-08-03 23:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 15:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 09:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean .ex
- C:\Program Files\RegClean
"2004-06-27 18:46:29 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 11:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 11:50:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 17:50:10
.
2007-12-30 04:25:47 --- E O F ---


VundoFix.txt

VundoFix V6.7.7

Checking Java version...

Scan started at 8:09:50 AM 1/11/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtsrpm.dll
C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkkhhgg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsrpm.dll
C:\WINDOWS\system32\awtsrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\ddcdbba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ihhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Scan started at 10:01:22 AM 1/11/2008

Listing files found while scanning....

C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\vturs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Please let me know what I need to do next. Thank you very much in advance for your help!
Terrie
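What a log reviewer does with the HijackThis section above is scan it for a few recurring patterns: an `F3` win.ini `load=` line (normally empty on XP, here pointing at vturs.exe), `O2`/`O3` entries whose path reads `(no file)` (leftovers of components already removed), BHOs whose display name is itself a CLSID, an `O16` ActiveX control downloaded from a URL, and `O23` services with `Unknown owner`. The script below is an added example, not code from the original post or from HijackThis; the severity labels and rules are the editor's own triage heuristics, and the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample input: lines copied from the HijackThis log posted in
# this thread, so the rules below can be exercised offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CB153C3-50FA-4F58-A0EE-AF8E4B53E785} - (no file)
O2 - BHO: {b290d939-4a4d-2988-82a4-c26c793baf8b} - {b8fab397-c62c-4a28-8892-d4a4939d092b} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Every HijackThis entry starts with a section code (R1, F3, O2, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A CLSID as HijackThis prints it: 8-4-4-4-12 hex digits inside braces.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

Finding = Tuple[str, str, str]  # (severity, reason, original log line)


class Entry(NamedTuple):
    section: str
    name: str          # display name with the "BHO:"/"Service:" prefix removed
    fields: List[str]  # the " - "-separated fields after the section code
    line: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into section code and fields; None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("body").split(" - ")]
    name = fields[0].split(":", 1)[-1].strip()
    return Entry(m.group("section"), name, fields, line.strip())


def triage(log_text: str) -> List[Finding]:
    """Apply reviewer heuristics (the editor's own) to a HijackThis log.
    The output is a list of hints for a human reviewer, not a verdict."""
    findings: List[Finding] = []
    for raw in log_text.strip().splitlines():
        e = parse_entry(raw)
        if e is None:
            continue
        if e.section in ("F2", "F3"):
            # win.ini load=/run= is a 16-bit-era autostart; on XP it is normally empty.
            findings.append(("high", "win.ini/system.ini autostart entry", e.line))
        if e.section == "O16":
            findings.append(("medium", "ActiveX control downloaded from a URL (DPF)", e.line))
        if e.section == "O23" and "Unknown owner" in e.fields:
            findings.append(("medium", "service with no publisher name", e.line))
        if e.section in ("O2", "O3") and CLSID_RE.match(e.name):
            # A BHO whose display name is itself a CLSID is a registration pattern
            # typical of auto-generated adware components.
            findings.append(("medium", "BHO/toolbar named after a CLSID", e.line))
        if e.fields[-1] == "(no file)":
            findings.append(("low", "orphaned CLSID: registered object has no backing file", e.line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the full log rather than the sample, the `(no file)` hits are the least interesting (they are what is left after VundoFix and ComboFix deleted the DLLs); the `F3` line is the one that says an autostart is still pointing at a freshly created executable.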
DigitalTeardrops
19-Jan-2008, 09:23 AM #2
Massive Virus Infection
I am still not sure what to do. Thanks for any help!

Quote: Originally Posted by DigitalTeardrops (post #1 above, quoted in full)
2008-01-11 07:31 . 2008-01-11 07:46 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-11 07:23 . 2008-01-11 07:23 <DIR> d-------- C:\Program Files\RegCleaner
2008-01-11 07:20 . 2008-01-11 07:20 3,584 --a------ C:\WINDOWS\system32\jkhhi.exe
2008-01-10 20:46 . 2008-01-10 20:49 8,192 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg
2008-01-10 20:41 . 2008-01-10 20:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-10 20:40 . 2008-01-10 20:40 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-10 20:40 . 2008-01-10 21:32 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-10 20:27 . 2008-01-10 20:42 <DIR> d-------- C:\WINDOWS\system32\svcd
2008-01-10 20:27 . 2008-01-10 20:27 34,816 --a--c--- C:\info.exe
2008-01-10 20:27 . 2008-01-10 20:29 114 --a------ C:\WINDOWS\system32\url3
2008-01-10 20:27 . 2008-01-10 20:29 102 --a------ C:\WINDOWS\system32\url2
2008-01-10 20:27 . 2008-01-10 20:29 102 --a------ C:\WINDOWS\system32\url1
2008-01-10 20:27 . 2008-01-10 20:29 8 --a------ C:\WINDOWS\system32\CID
2008-01-10 20:27 . 2008-01-10 20:27 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-10 19:21 . 2008-01-11 07:13 10,596 --ahs---- C:\WINDOWS\system32\ehkmp.ini2
2008-01-10 19:21 . 2008-01-11 07:13 10,596 --ahs---- C:\WINDOWS\system32\ehkmp.ini
2008-01-10 12:55 . 2008-01-10 12:55 <DIR> d-------- C:\Program Files\Avira
2008-01-10 12:55 . 2008-01-10 12:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-10 12:54 . 2008-01-10 12:54 796,033 ---hs---- C:\WINDOWS\dcdfgh.ini
2008-01-10 10:38 . 2008-01-11 11:01 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-10 10:38 . 2008-01-10 13:10 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-10 10:38 . 2008-01-10 10:44 <DIR> d-------- C:\WINDOWS\system32\ez4
2008-01-10 10:38 . 2008-01-11 11:01 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-10 10:38 . 2008-01-10 10:38 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-10 10:38 . 2008-01-10 10:38 86,016 --a------ C:\WINDOWS\system32\drivers\ipnatt.sys
2008-01-10 10:37 . 2008-01-10 11:50 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-09 17:54 . 2008-01-10 12:40 1,049,725 --ahs---- C:\WINDOWS\system32\guqlrmoj.ini
2008-01-08 17:49 . 2008-01-08 17:49 <DIR> d----c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\SorensonMedia
2008-01-08 16:31 . 2008-01-10 11:43 <DIR> d----c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\RegClean
2008-01-08 15:23 . 2008-01-08 16:19 <DIR> d----c--- C:\BFU
2008-01-06 18:40 . 2008-01-08 15:53 1,165,115 ---hs---- C:\WINDOWS\tuuvyb.ini
2008-01-06 16:47 . 2008-01-10 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 16:47 . 2008-01-06 16:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 15:22 . 2008-01-06 15:55 474 --ahs---- C:\WINDOWS\system32\xsfjgwyt.ini
2008-01-05 19:03 . 2008-01-05 19:04 834 ---hs---- C:\WINDOWS\xxycfe.ini
2008-01-05 15:25 . 2008-01-10 20:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-05 13:24 . 2008-01-08 15:07 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-04 21:46 . 2008-01-05 18:52 774 ---hs---- C:\WINDOWS\knorss.ini
2008-01-04 21:41 . 2008-01-04 21:41 474 ---hs---- C:\WINDOWS\eggihk.ini
2008-01-04 21:37 . 2008-01-04 21:37 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-04 21:34 . 2008-01-04 21:34 40,960 --a--c--- C:\Documents and Settings\Terrie Bradford.SUPERVAIO\f.exe
2008-01-04 21:34 . 2008-01-04 21:34 134 --a--c--- C:\n.bat
2008-01-04 21:33 . 2008-01-10 22:53 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-04 21:32 . 2008-01-11 11:01 <DIR> d--hs---- C:\WINDOWS\VGVycmllIEJyYWRmb3Jk
2008-01-04 21:32 . 2008-01-11 11:01 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-04 21:32 . 2008-01-10 13:09 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-04 21:32 . 2008-01-04 21:32 249 --a------ C:\WINDOWS\system32\2734.bat
2008-01-04 21:31 . 2008-01-10 22:53 <DIR> d-------- C:\WINDOWS\system32\ardCo07
2008-01-03 17:57 . 2008-01-04 17:57 354 ---hs---- C:\WINDOWS\ghikmp.ini
2007-12-29 22:21 . 2007-12-29 22:21 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 16:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 14:06 --------- d-----w C:\Program Files\Java
2008-01-11 04:53 --------- d-----w C:\Program Files\QuickTime
2008-01-11 04:01 --------- dc----w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\AVG7
2008-01-11 04:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-01-11 01:25 --------- d-----w C:\Program Files\MySpace
2008-01-10 19:05 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-10 19:04 --------- d-----w C:\Program Files\Desktop
2008-01-08 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 21:34 --------- d-----w C:\Program Files\iTunes
2008-01-06 21:31 --------- d-----w C:\Program Files\Sony
2008-01-06 21:27 --------- dc----w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\Musicmatch
2008-01-06 21:27 --------- d-----w C:\Program Files\Musicmatch
2008-01-06 21:24 --------- d-----w C:\Program Files\Common Files\Adobe
2005-12-06 20:21 3,167,744 -c--a-w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\gosetup.exe
2005-12-03 17:48 105,680 -c--a-w C:\Documents and Settings\Terrie Bradford.SUPERVAIO\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 06:19 56 --sha-r C:\WINDOWS\system32\B3821A2FDB.sys
2007-09-21 06:19 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
Code:
----a-w           256,576 2008-01-06 00:51:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2008-01-11 03:39:56  C:\Program Files\Messenger\msmsgs .exe
----a-w            15,360 2008-01-08 21:07:58  C:\WINDOWS\system32\ctfmon .exe
----a-w           155,648 2008-01-11 02:04:46  C:\WINDOWS\system32\NeroCheck .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-09-22 14:18 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2003-07-02 18:51 49152 C:\WINDOWS\mididef.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - D:\Common\Bin\WinCinemaMgr.exe [2006-04-25 17:10:48]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 ipnatt;ipnatt;C:\WINDOWS\system32\drivers\ipnatt.sys [2008-01-10 10:38]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 14:35]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 16:09]
S3 Lanmin6aff;Lanmin6aff;C:\WINDOWS\system32\mmc.exe [2004-08-04 01:56]
S3 Msksosar;Msksosar;C:\WINDOWS\system32\drivers\mssmbios.sys [2004-08-04 00:07]
S3 Mxsmaappp;Mxsmaappp;C:\WINDOWS\System32\drivers\nmnt.sys [2004-08-03 23:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 15:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 09:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean .ex
- C:\Program Files\RegClean
"2004-06-27 18:46:29 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 11:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 11:50:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 17:50:10
.
2007-12-30 04:25:47 --- E O F ---


VundoFix.txt

VundoFix V6.7.7

Checking Java version...

Scan started at 8:09:50 AM 1/11/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtsrpm.dll
C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkkhhgg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsrpm.dll
C:\WINDOWS\system32\awtsrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\ddcdbba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ihhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Scan started at 10:01:22 AM 1/11/2008

Listing files found while scanning....

C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\vturs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhhgg.dll
C:\WINDOWS\system32\jkkhhgg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Please let me know what I need to do next. Thank you very much in advance for your help!
Terrie
DigitalTeardrops
Junior Member with 7 posts.
Join Date: Jan 2008
Experience: Intermediate
25-Jan-2008, 11:27 AM #3
Viruses and Popups-- Still Trying
I first posted my request on January 11 and then wrote again on January 19. I don't know if I did something incorrectly, but I am hoping that someone can give me some direction. I use this computer for video work and I volunteered to do a video for some 85 and 90 WWII veterans. Time is of the essence, for their sake! Thank you very much for your help!
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.