
Adware.VirtuMonde Headache

Discussion in 'Virus & Other Malware Removal' started by Danielbrum, Jun 16, 2007.

Thread Status:
Not open for further replies.
  1. Danielbrum

    Danielbrum Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    3
    Hey, I seem to have been infected with a whole bunch of stuff this morning; my brother is banned from using my PC now!!
    However, I've run a bunch of software, and I think I've managed to clean most of it except this one, which I cannot clean no matter what I try.
    I've done some looking into this and it looks like Norton updated their definitions for Virtumonde 3 days ago; no matter how many times I delete the file, it comes back.
    Your help would be much appreciated.


    Here is my HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:33:30, on 16/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Daniel\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computeach-web.co.uk/student/website/home.do
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: Hð - Hð (file missing)
    O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 5604 bytes
     
  2. Danielbrum

    Danielbrum Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    3
    And here is the ComboFix log if you need it:

    ComboFix 07-06-13.3 - C:\Documents and Settings\Daniel\Desktop\ComboFix.exe
    "Daniel" - 2007-06-16 23:18:11 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\yoscdhec.dll
    C:\WINDOWS\system32\qtutv.bak1
    C:\WINDOWS\system32\qtutv.bak2
    C:\WINDOWS\system32\qtutv.ini
    C:\WINDOWS\system32\cehdcsoy.ini
    C:\WINDOWS\system32\vtutq.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Daniel\APPLIC~1\Install.dat
    C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
    C:\WINDOWS\system32\instcat.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


    2007-06-16 23:17 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-16 21:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-06-16 21:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-16 21:06 <DIR> d-------- C:\Program Files\Windows Defender
    2007-06-15 23:10 <DIR> d-------- C:\Program Files\Xilisoft
    2007-06-15 17:31 24,643 --a------ C:\WINDOWS\system32\awtsqqn.dll
    2007-06-15 15:31 <DIR> d-------- C:\Program Files\limewire
    2007-06-15 14:52 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\Virgin Broadband
    2007-06-15 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
    2007-06-15 14:35 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
    2007-06-15 14:35 45,056 --a------ C:\WINDOWS\system32\ogg.dll
    2007-06-15 14:35 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-06-15 14:35 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
    2007-06-15 14:35 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
    2007-06-15 14:35 1,216,512 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-06-15 14:35 <DIR> d-------- C:\Program Files\dvdSanta
    2007-06-14 23:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    2007-06-10 10:46 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
    2007-06-10 10:46 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
    2007-06-10 10:46 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
    2007-06-10 08:51 <DIR> d-------- C:\DOCUME~1\Daniel\Phone Browser
    2007-06-08 21:12 <DIR> d-------- C:\Program Files\AC3Filter
    2007-06-08 21:03 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
    2007-06-08 21:03 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-05 22:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AlcaTech
    2007-06-05 22:55 81,920 --a------ C:\WINDOWS\system32\Tk421.dll
    2007-06-02 14:49 <DIR> d-------- C:\DOCUME~1\Daniel\Contacts
    2007-06-02 14:48 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-05-31 07:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 07:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 07:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 07:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 07:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-05-30 22:05 <DIR> d-------- C:\WINDOWS\setup.pss
    2007-05-30 22:04 <DIR> d-------- C:\WINDOWS\setupupd
    2007-05-30 22:03 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\Help
    2007-05-26 11:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-05-26 05:44 262,144 --ah----- C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
    2007-05-26 05:44 262,144 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
    2007-05-26 05:39 <DIR> d-------- C:\Program Files\Online Services
    2007-05-25 18:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
    2007-05-25 18:36 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\Roxio
    2007-05-24 21:11 92,920 --a------ C:\WINDOWS\DLA.EXE
    2007-05-24 21:11 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
    2007-05-24 21:11 51,800 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
    2007-05-24 21:11 28,216 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
    2007-05-24 21:11 12,952 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
    2007-05-24 21:11 <DIR> d-------- C:\WINDOWS\system32\DLA
    2007-05-24 21:08 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
    2007-05-24 21:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    2007-05-24 21:05 <DIR> d-------- C:\Program Files\Roxio
    2007-05-24 21:05 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
    2007-05-24 21:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
    2007-05-24 21:04 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
    2007-05-24 21:00 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-05-23 14:17 94,528 --a------ C:\WINDOWS\system32\drivers\mmrtkrnl.sys
    2007-05-23 14:16 70,144 --a------ C:\WINDOWS\system32\mmrtkrnl.exe
    2007-05-23 14:16 177,664 --a------ C:\WINDOWS\system32\mmrtkrnl.dll
    2007-05-20 00:34 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-05-20 00:34 70,656 --a------ C:\WINDOWS\ScUnin.exe
    2007-05-20 00:34 32,653 --a------ C:\WINDOWS\scunin.dat
    2007-05-20 00:33 <DIR> d-------- C:\Program Files\Starcraft
    2007-05-20 00:26 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-05-19 19:03 53,248 --a------ C:\WINDOWS\system32\cptoshex.dll
    2007-05-19 19:03 <DIR> d-------- C:\Program Files\CopyTo
    2007-05-19 16:29 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-05-19 16:29 74,240 --a------ C:\WINDOWS\system\CamExO20.dll
    2007-05-19 16:29 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-05-19 16:29 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-05-19 16:29 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-05-19 16:29 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
    2007-05-19 16:29 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
    2007-05-19 16:29 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
    2007-05-19 16:29 314,752 --a------ C:\WINDOWS\system32\drivers\CamDrO21.sys
    2007-05-19 16:29 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
    2007-05-19 16:29 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-05-19 16:29 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-05-19 16:29 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-05-19 16:29 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
    2007-05-19 16:29 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-05-19 16:29 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-05-19 16:28 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-16 21:24:31 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-16 21:22:20 -------- d-----w C:\Program Files\SpeedFan
    2007-06-16 20:08:45 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1\LimeWire
    2007-06-14 22:16:00 2,153 ----a-w C:\WINDOWS\mozver.dat
    2007-06-08 21:41:26 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1\Ulead Systems
    2007-06-08 21:40:38 -------- d-----w C:\Program Files\Ulead Systems
    2007-06-08 20:10:34 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1\DivX
    2007-06-08 20:05:17 -------- d-----w C:\Program Files\DivX
    2007-06-01 20:38:18 -------- d-----w C:\Program Files\World of Warcraft
    2007-05-26 04:45:23 -------- d-----w C:\Program Files\Messenger
    2007-05-26 04:44:28 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-05-26 04:40:14 -------- d-----w C:\Program Files\Movie Maker
    2007-05-26 04:39:07 -------- d-----w C:\Program Files\Windows NT
    2007-05-25 17:34:27 -------- d-----w C:\Program Files\InterActual
    2007-05-19 15:30:30 -------- d-----w C:\Program Files\Steam
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-10 10:07:20 -------- d-----w C:\Program Files\Samurize
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:25 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-04-23 00:15:24 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 12:49:08 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1\Apple Computer
    2007-04-14 22:42:39 4,096 ----a-w C:\WINDOWS\d3dx.dat
    2007-04-10 10:14:17 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-04-10 10:04:33 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
    2007-04-09 21:25:08 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-04-09 21:07:22 0 --sha-r C:\MSDOS.SYS
    2007-04-09 21:07:22 0 --sha-r C:\IO.SYS
    2007-04-09 21:07:22 0 ----a-w C:\CONFIG.SYS
    2007-04-09 21:07:22 0 ----a-w C:\AUTOEXEC.BAT
    2007-04-09 21:05:42 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-03-20 10:37:46 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-16 21:31]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Hð]
    Hð

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ð˜¨]
    ð˜¨

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^Samurize.lnk]
    path=C:\Documents and Settings\Daniel\Start Menu\Programs\Startup\Samurize.lnk
    backup=C:\WINDOWS\pss\Samurize.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^SpeedFan.lnk]
    path=C:\Documents and Settings\Daniel\Start Menu\Programs\Startup\SpeedFan.lnk
    backup=C:\WINDOWS\pss\SpeedFan.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
    rundll32.exe "C:\WINDOWS\system32\yoscdhec.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    C:\Program Files\Kontiki\KHost.exe -all

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    C:\WINDOWS\system32\nvraidservice.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
    "mmrtkrnl.exe" /i

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "c:\program files\steam\steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
    C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
    C:\winstall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    NtmlSvc


    Contents of the 'Scheduled Tasks' folder
    2007-05-19 18:32:39 C:\WINDOWS\tasks\backup.job
    2007-06-16 22:08:32 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-16 23:21:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-16 23:21:57 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-16 23:21

    --- E O F ---
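The two logs above contain indicators that can be checked mechanically rather than by eye: the ComboFix "V Log" lists DLLs whose base names are the reverse of a neighbouring .ini/.bak file (yoscdhec.dll next to cehdcsoy.ini, vtutq.dll next to qtutv.ini), the HijackThis O20 lines show Winlogon Notify handlers with unreadable names and "(file missing)", and the msconfig startupreg section has a rundll32 entry loading one of those same DLLs. The script below is an added example written for this thread, not code from Tech Support Guy, HijackThis or ComboFix. The sample log lines are copied from the posts above, with one benign Winlogon Notify line (igfxcui) made up for contrast; the function names (`triage`, `reversed_name_pairs`, etc.) are the example's own.

```python
"""Triage helpers for HijackThis / ComboFix style logs (added example).

Flags three indicators visible in the posted logs:
  * a DLL with a companion .ini/.bak in the same directory whose base name is
    the DLL's base name spelled backwards,
  * Winlogon Notify handlers with non-ASCII names or a missing DLL,
  * rundll32 autostart entries that load one of the flagged DLLs.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and ComboFix logs in this
# thread, plus a benign Winlogon Notify line ("igfxcui") added for contrast.
SAMPLE_LOG = """\
O20 - Winlogon Notify: Hð - Hð (file missing)
O20 - Winlogon Notify: igfxcui - igfxdev.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
C:\\WINDOWS\\system32\\yoscdhec.dll
C:\\WINDOWS\\system32\\qtutv.bak1
C:\\WINDOWS\\system32\\qtutv.bak2
C:\\WINDOWS\\system32\\qtutv.ini
C:\\WINDOWS\\system32\\cehdcsoy.ini
C:\\WINDOWS\\system32\\vtutq.dll
2007-06-15 17:31 24,643 --a------ C:\\WINDOWS\\system32\\awtsqqn.dll
rundll32.exe "C:\\WINDOWS\\system32\\yoscdhec.dll",realset
RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
"""

# A Windows path ending in an extension we care about; the lazy middle lets
# directories with spaces ("Program Files") through.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|ini|bak\d*)', re.IGNORECASE)
NOTIFY_RE = re.compile(
    r'^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+?)(?P<missing> \(file missing\))?$',
    re.MULTILINE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)', re.IGNORECASE)


def _split(path):
    """Return (directory, stem, extension), all lower-cased."""
    directory, _, filename = path.lower().rpartition('\\')
    stem, _, ext = filename.rpartition('.')
    return directory, stem, ext


def extract_paths(text):
    """Every DLL/INI/BAK path mentioned in the log, in order, de-duplicated."""
    seen = []
    for match in PATH_RE.finditer(text):
        if match.group(0) not in seen:
            seen.append(match.group(0))
    return seen


def reversed_name_pairs(paths):
    """DLLs with a same-directory companion whose base name is the DLL's base
    name reversed.  Palindromic names are skipped.  Returns sorted (dll, companion)."""
    by_dir = defaultdict(dict)          # directory -> {stem: [paths]}
    for p in paths:
        directory, stem, _ = _split(p)
        by_dir[directory].setdefault(stem, []).append(p)
    pairs = []
    for p in paths:
        directory, stem, ext = _split(p)
        if ext != 'dll' or stem == stem[::-1]:
            continue
        for companion in by_dir[directory].get(stem[::-1], []):
            pairs.append((p, companion))
    return sorted(pairs)


def suspicious_winlogon_notify(text):
    """Winlogon Notify entries whose handler name is not plain printable ASCII
    or whose DLL is reported missing.  Returns [(name, [reasons])]."""
    flagged = []
    for m in NOTIFY_RE.finditer(text):
        name, reasons = m.group('name'), []
        if not name.isascii() or not name.isprintable():
            reasons.append('non-ASCII or non-printable handler name')
        if m.group('missing'):
            reasons.append('handler DLL reported missing')
        if reasons:
            flagged.append((name, reasons))
    return flagged


def rundll32_targets(text):
    """DLL paths loaded through rundll32 anywhere in the log (lower-cased, sorted)."""
    return sorted({m.group('dll').lower() for m in RUNDLL_RE.finditer(text)})


def triage(text):
    """Correlate the three indicators over one log."""
    pairs = reversed_name_pairs(extract_paths(text))
    flagged_dlls = {dll.lower() for dll, _ in pairs}
    return {
        'reversed_pairs': pairs,
        'winlogon_notify': suspicious_winlogon_notify(text),
        'rundll32_of_flagged': [d for d in rundll32_targets(text) if d in flagged_dlls],
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print('   ', item)
```

Run against the sample, `triage` ties yoscdhec.dll to both its reversed-name companion (cehdcsoy.ini) and the `GPLv3` rundll32 autostart, while the benign NvCpl.dll rundll32 line and the igfxcui notify entry pass. One caveat when reading the ComboFix output: the `GPLv3` entry sits under `HKLM\software\microsoft\shared tools\msconfig\startupreg`, which is where msconfig parks startup items a user has unticked. An entry there is disabled, not removed; re-ticking it in msconfig puts the rundll32 line straight back into the Run key, so the DLL it names should be gone from disk before that key is considered clean.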
     
  3. Danielbrum

    Danielbrum Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    3
    Guys, any help with this please?
     
Short URL to this thread: https://techguy.org/584912