
Vundo Virtumonde returning HJT log included

Discussion in 'Virus & Other Malware Removal' started by rustedhalo, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. rustedhalo

    rustedhalo Thread Starter

    Joined:
    Oct 24, 2007
    Messages:
    7
    OK, so I was getting help from MFDnNC and they were quite helpful until I guess their privs were removed. So I'm reposting my logs here in hopes of getting further help.

    My initial HJT log followed by a ComboFix and then SUPERAntiSpyware log and then a HJT log I ran after a reboot. Thanks in advance for any and all help provided.



    Logfile of HijackThis v1.99.1
    Scan saved at 4:08:18 PM, on 10/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\BitTorrent_DNA\dna.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Wireless LAN\WlanUtil.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [Teoe] "C:\WINDOWS\MCROSO~1\chkntfs.exe" -vt yazb
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F68F2710-8E7A-4C42-965D-5F827583C974}: NameServer = 192.168.2.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe




    --------------------------------------ComboFix Log----------------------------------------



    ComboFix 07-10-25.1 - RUST3DHAL0 2007-10-26 16:11:06.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1300 [GMT -7:00]
    Running from: C:\Documents and Settings\RUST3DHAL0\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\WINDOWS\system32\ddcyx.dll
    C:\WINDOWS\system32\hjjlm.bak1
    C:\WINDOWS\system32\hjjlm.ini2
    C:\WINDOWS\system32\hjjlm.tmp
    C:\WINDOWS\system32\xycdd.bak1
    C:\WINDOWS\system32\xycdd.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
    .

    2007-10-24 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-24 20:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-24 20:06 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\SUPERAntiSpyware.com
    2007-10-24 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-24 17:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2007-10-23 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-10-22 18:35 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-22 18:25 35,328 --a------ C:\WINDOWS\system32\qommnlm.dll
    2007-10-22 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-10-22 16:37 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\PC Tools
    2007-10-22 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-22 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-22 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-22 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-10-22 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-22 14:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-22 14:50 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-22 14:50 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-10-22 14:50 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-10-21 16:37 <DIR> d-------- C:\Program Files\LucasArts
    2007-10-21 16:33 34,304 --a------ C:\WINDOWS\system32\mljkllk.dll
    2007-10-21 16:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\My Games
    2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
    2007-10-07 23:18 <DIR> d-------- C:\Program Files\id Software
    2007-10-03 19:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-09-26 22:53 <DIR> d-------- C:\Program Files\iTunes
    2007-09-26 22:53 <DIR> d-------- C:\Program Files\iPod

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-26 23:16 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\BitTorrent DNA
    2007-10-25 03:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-23 22:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-22 23:17 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\uTorrent
    2007-10-22 04:28 --------- d-----w C:\Program Files\Visioneer OneTouch
    2007-09-19 06:59 --------- d-----w C:\Program Files\BitTorrent_DNA
    2007-09-18 04:13 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Ahead
    2007-09-16 09:33 --------- d-----w C:\Program Files\Java
    2007-09-16 09:33 --------- d-----w C:\Program Files\Common Files\Java
    2007-09-15 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2007-09-14 06:37 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-09-14 06:36 --------- d-----w C:\Program Files\hp deskjet 3320 series
    2007-09-14 06:10 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Bioshock
    2007-09-13 14:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-13 13:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-09-13 13:51 --------- d-----w C:\Program Files\2K Games
    2007-09-12 11:37 --------- d-----w C:\Program Files\Wireless LAN
    2007-09-12 09:48 --------- d-----w C:\Program Files\AirLink101
    2007-09-11 11:56 --------- d-----w C:\Program Files\WinTV
    2007-09-08 10:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-08 10:46 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-09-08 10:28 --------- d-----w C:\Program Files\Ahead
    2007-09-08 10:24 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-09-08 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-08 10:17 --------- d-----w C:\Program Files\DVD Decrypter
    2007-09-08 09:50 --------- d-----w C:\Program Files\Unreal Tournament 2004
    2007-09-08 07:39 --------- d-----w C:\Program Files\Lavasoft
    2007-09-08 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-08 07:32 --------- d-----w C:\Program Files\uTorrent
    2007-09-08 07:31 --------- d-----w C:\Program Files\BitTorrent
    2007-09-08 06:17 --------- d-----w C:\Program Files\Stardock
    2007-09-08 06:17 --------- d-----w C:\Program Files\Common Files\Stardock
    2007-09-08 05:12 --------- d-----w C:\Program Files\InterActual
    2007-09-08 05:08 --------- d-----w C:\Program Files\Xvid
    2007-09-08 05:03 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\DivX
    2007-09-08 04:57 --------- d-----w C:\Program Files\DivX
    2007-09-08 04:55 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\vlc
    2007-09-08 04:39 --------- d-----w C:\Program Files\VideoLAN
    2007-09-07 12:40 --------- d-----w C:\Program Files\QuickTime
    2007-09-07 12:40 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Apple Computer
    2007-09-07 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-07 12:39 --------- d-----w C:\Program Files\Common Files\Apple
    2007-09-07 12:39 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-07 12:18 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-07 12:16 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-07 11:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-07 11:53 --------- d-----w C:\Program Files\Realtek
    2007-09-07 11:26 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-07 11:22 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2001-09-10 16:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
    2001-09-10 15:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
    2001-08-18 01:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
    2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\usbscan.sys
    2001-06-29 15:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_19.59.19.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-25 03:07:09 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-10-25 03:07:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-10-25 03:07:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6B1F430-52B5-4478-9FC6-A94F79D423C3}]
    2007-10-21 16:33 34304 --a------ C:\WINDOWS\system32\mljkllk.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 06:03]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 06:03]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-18 20:12 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 15:56]
    "OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 08:08]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-08 00:31]
    "Teoe"="C:\WINDOWS\MCROSO~1\chkntfs.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\RUST3DHAL0\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-07 23:17:38]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-08 03:37:32]
    IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2007-09-12 04:37:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F6B1F430-52B5-4478-9FC6-A94F79D423C3}"= C:\WINDOWS\system32\mljkllk.dll [2007-10-21 16:33 34304]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkllk]
    mljkllk.dll 2007-10-21 16:33 34304 C:\WINDOWS\system32\mljkllk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
    R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
    R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
    R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
    S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-17 22:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-26 16:19:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-26 16:20:33 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-25 18:53
    C:\ComboFix3.txt ... 2007-10-24 20:00
    .
    --- E O F ---



    -------------------------------SUPERAntiSpyware Log-----------------------------------------------



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/26/2007 at 04:40 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3330
    Trace Rules Database Version: 1331

    Scan type : Complete Scan
    Total Scan Time : 00:15:15

    Memory items scanned : 411
    Memory threats detected : 1
    Registry items scanned : 4546
    Registry threats detected : 5
    File items scanned : 22078
    File threats detected : 3

    Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\DDAYX.DLL
    C:\WINDOWS\SYSTEM32\DDAYX.DLL
    HKLM\Software\Classes\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}
    HKCR\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}
    HKCR\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}\InprocServer32
    HKCR\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81AA21DA-1B41-4B50-9BB9-970CA507A489}

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\XYADD.BAK1
    C:\WINDOWS\SYSTEM32\YBADD.INI



    -------------------------------------Final HJT Log----------------------------------------------------



    Logfile of HijackThis v1.99.1
    Scan saved at 4:50:06 PM, on 10/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\BitTorrent_DNA\dna.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Wireless LAN\WlanUtil.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\mljkllk.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [Teoe] "C:\WINDOWS\MCROSO~1\chkntfs.exe" -vt yazb
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F68F2710-8E7A-4C42-965D-5F827583C974}: NameServer = 192.168.2.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Give me a moment to create a fix. Thanks (y) :)
     
  3. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    You still have some leftover Vundo.

    Please download the attached file named CFScript.txt and Save it to your Desktop.

    [​IMG]

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


    In your next reply, please post a fresh Combofix log and a fresh Hijackthis log.


    Do not run on any other computer!!!! The attached file CFScript.txt is created for this specific computer. Running it on another system could cause it to crash or worse.


    =====================================

    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
    2. Read the Requirements and Privacy statement, then select "Accept".
    3. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    5. When the download is complete it will say ready, click "Next".
    6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    8. Click "OK".
    9. Under "Select a target to scan", click on "My Computer".
    10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
     


  4. rustedhalo

    rustedhalo Thread Starter

    Joined:
    Oct 24, 2007
    Messages:
    7
    ComboFix 07-10-25.1 - RUST3DHAL0 2007-10-26 18:24:42.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1549 [GMT -7:00]
    Running from: C:\Documents and Settings\RUST3DHAL0\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\RUST3DHAL0\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\mljkllk.dll
    C:\WINDOWS\system32\qommnlm.dll
    .

    ((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
    .

    2007-10-24 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-24 20:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-24 20:06 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\SUPERAntiSpyware.com
    2007-10-24 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-24 17:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2007-10-23 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-10-22 18:35 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-22 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-10-22 16:37 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\PC Tools
    2007-10-22 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-22 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-22 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-22 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-10-22 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-22 14:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-22 14:50 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-22 14:50 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-10-22 14:50 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-10-21 16:37 <DIR> d-------- C:\Program Files\LucasArts
    2007-10-21 16:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\My Games
    2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
    2007-10-07 23:18 <DIR> d-------- C:\Program Files\id Software
    2007-10-03 19:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 01:16 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\BitTorrent DNA
    2007-10-25 03:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-23 22:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-22 23:17 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\uTorrent
    2007-10-22 04:28 --------- d-----w C:\Program Files\Visioneer OneTouch
    2007-09-27 05:53 --------- d-----w C:\Program Files\iTunes
    2007-09-27 05:53 --------- d-----w C:\Program Files\iPod
    2007-09-19 06:59 --------- d-----w C:\Program Files\BitTorrent_DNA
    2007-09-18 04:13 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Ahead
    2007-09-16 09:33 --------- d-----w C:\Program Files\Java
    2007-09-16 09:33 --------- d-----w C:\Program Files\Common Files\Java
    2007-09-15 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2007-09-14 06:37 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-09-14 06:36 --------- d-----w C:\Program Files\hp deskjet 3320 series
    2007-09-14 06:10 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Bioshock
    2007-09-13 14:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-13 13:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-09-13 13:51 --------- d-----w C:\Program Files\2K Games
    2007-09-12 11:37 --------- d-----w C:\Program Files\Wireless LAN
    2007-09-12 09:48 --------- d-----w C:\Program Files\AirLink101
    2007-09-11 11:56 --------- d-----w C:\Program Files\WinTV
    2007-09-08 10:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-08 10:46 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-09-08 10:28 --------- d-----w C:\Program Files\Ahead
    2007-09-08 10:24 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-09-08 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-08 10:17 --------- d-----w C:\Program Files\DVD Decrypter
    2007-09-08 09:50 --------- d-----w C:\Program Files\Unreal Tournament 2004
    2007-09-08 07:39 --------- d-----w C:\Program Files\Lavasoft
    2007-09-08 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-08 07:32 --------- d-----w C:\Program Files\uTorrent
    2007-09-08 07:31 --------- d-----w C:\Program Files\BitTorrent
    2007-09-08 06:17 --------- d-----w C:\Program Files\Stardock
    2007-09-08 06:17 --------- d-----w C:\Program Files\Common Files\Stardock
    2007-09-08 05:12 --------- d-----w C:\Program Files\InterActual
    2007-09-08 05:08 --------- d-----w C:\Program Files\Xvid
    2007-09-08 05:03 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\DivX
    2007-09-08 04:57 --------- d-----w C:\Program Files\DivX
    2007-09-08 04:55 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\vlc
    2007-09-08 04:39 --------- d-----w C:\Program Files\VideoLAN
    2007-09-07 12:40 --------- d-----w C:\Program Files\QuickTime
    2007-09-07 12:40 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Apple Computer
    2007-09-07 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-07 12:39 --------- d-----w C:\Program Files\Common Files\Apple
    2007-09-07 12:39 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-07 12:18 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-07 12:16 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-07 11:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-07 11:53 --------- d-----w C:\Program Files\Realtek
    2007-09-07 11:26 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-07 11:22 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2001-09-10 16:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
    2001-09-10 15:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
    2001-08-18 01:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
    2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\usbscan.sys
    2001-06-29 15:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Documents and Settings\All Users\Application Data\SecTaskMan ----

    2007-10-23 18:45 316 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\mgrs.exe.q_2CF2E00_q.ini
    2007-10-23 18:45 2394 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\_win1A.exe101E5200
    2007-10-23 18:43 317 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\mljkllk.dll.q_8048600_q.ini
    2007-10-23 18:42 319 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\kctvcuag.dll.q_8042E41_q.ini
    2007-10-23 18:33 964 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE
    2007-10-23 18:33 964 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9473DBE3E403C4A459570CE0F5102571
    2007-10-23 18:33 919 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE
    2007-10-23 18:33 907 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
    2007-10-23 18:33 744 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A0100000030.dll
    2007-10-23 18:33 74 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002.dll
    2007-10-23 18:33 716 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A0100000030
    2007-10-23 18:33 653 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_AA098A591B3B6B44C9818A7FBAE37ECF
    2007-10-23 18:33 634 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C9DC9FF7C0E6264469074F42CD3BD2FA
    2007-10-23 18:33 594 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9473DBE3E403C4A459570CE0F5102571.dll
    2007-10-23 18:33 574 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_67440FEAAF152F14080FA09D0B624FA6
    2007-10-23 18:33 571 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002
    2007-10-23 18:33 545 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A
    2007-10-23 18:33 539 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
    2007-10-23 18:33 538 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_04D96FE49CD4E584593D1B2CF212F88C
    2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0
    2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2
    2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9
    2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4F6199385B8D7044EBD6D6E49B9DA64F
    2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_42CBECC7BD2608248ACEFB4AF9619702
    2007-10-23 18:33 41 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
    2007-10-23 18:33 3895 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE.dll
    2007-10-23 18:33 36 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_04D96FE49CD4E584593D1B2CF212F88C.dll
    2007-10-23 18:33 3333 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_AA098A591B3B6B44C9818A7FBAE37ECF.dll
    2007-10-23 18:33 26 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll
    2007-10-23 18:33 2308 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C9DC9FF7C0E6264469074F42CD3BD2FA.dll
    2007-10-23 18:33 227 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE.dll
    2007-10-23 18:33 223 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4F6199385B8D7044EBD6D6E49B9DA64F.dll
    2007-10-23 18:33 152 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
    2007-10-23 18:33 133 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_67440FEAAF152F14080FA09D0B624FA6.dll
    2007-10-23 18:33 122 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_42CBECC7BD2608248ACEFB4AF9619702.dll
    2007-10-23 18:33 1180 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A.dll
    2007-10-23 18:16 11776 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\mgrs.exe.q_2CF2E00_q
    2007-10-22 04:47 77376 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\kctvcuag.dll.q_8042E41_q
    2004-08-03 16:56 708096 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
    2004-08-03 16:56 616960 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll

    ---- Directory of C:\Program Files\Adsense Helper Object ----

    2007-10-22 18:35 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll


    ((((((((((((((((((((((((((((( [email protected]_19.59.19.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-25 03:07:09 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-10-25 03:07:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-10-25 03:07:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE54099-3510-4FC0-A365-91879C026584}]
    C:\WINDOWS\system32\ddayx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 06:03]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 06:03]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-18 20:12 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 15:56]
    "OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 08:08]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-08 00:31]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\RUST3DHAL0\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-07 23:17:38]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-08 03:37:32]
    IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2007-09-12 04:37:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
    R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
    R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
    R3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
    R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-17 22:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-26 18:25:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-26 18:26:09
    C:\ComboFix2.txt ... 2007-10-26 17:56
    C:\ComboFix3.txt ... 2007-10-26 16:20
    .
    --- E O F ---












    Logfile of HijackThis v1.99.1
    Scan saved at 6:32:12 PM, on 10/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\BitTorrent_DNA\dna.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Wireless LAN\WlanUtil.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F68F2710-8E7A-4C42-965D-5F827583C974}: NameServer = 192.168.2.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
     
  5. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...



    How is everything running???
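The triage step behind the advice above, as an added example that is not part of the original post or of HijackThis itself: a small parser that reads the CLSID-bearing entries (O2, O9) of a HijackThis log and ranks them by how many review indicators they hit. The indicator set and the function names are assumptions chosen for this illustration; the sample lines are copied from the second HijackThis log in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
"""

# "<section> - <kind>: <name> - {CLSID} - <path>[ (file missing)]"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# A DLL placed directly in system32 (no subdirectory).
SYSTEM32_DLL_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return every log line that carries a CLSID; other sections are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            section=m["section"], kind=m["kind"], name=m["name"],
            clsid=m["clsid"].upper(), path=m["path"],
            file_missing=m["missing"] is not None,
        ))
    return entries


def rank_for_review(log_text):
    """Attach indicator reasons to each entry and sort the hits, most reasons first.

    The indicators are illustrative heuristics for ordering a manual review,
    not a verdict: legitimate entries can match one or two of them.
    """
    ranked = []
    for e in parse_entries(log_text):
        if e.file_missing:
            e.reasons.append("registry entry points at a file that is not on disk")
        if e.name == "(no name)":
            e.reasons.append("component registered without a display name")
        if e.section == "O2" and SYSTEM32_DLL_RE.match(e.path):
            e.reasons.append("BHO DLL sits directly in system32")
        if e.reasons:
            ranked.append(e)
    ranked.sort(key=lambda e: len(e.reasons), reverse=True)
    return ranked


if __name__ == "__main__":
    for e in rank_for_review(SAMPLE_LOG):
        print(f"{len(e.reasons)} indicator(s): {e.section} {e.clsid} {e.path}")
        for reason in e.reasons:
            print(f"    - {reason}")
```

The orphaned `ddayx.dll` BHO ranks first, while the `xpnetdiag.exe` button also shows "(file missing)" but ranks lower, which is why that marker alone is not enough to decide what to fix.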
     
  6. rustedhalo

    rustedhalo Thread Starter

    Joined:
    Oct 24, 2007
    Messages:
    7
    Everything seems to be running A-OK. I let some apps run for a while to make sure they didn't crash. Internet browsing seems smooth with no pop-ups. I just finished watching a DVD as my media player was affected...everything seems good. I thank you for your quick response time and all your help.

    Take Care,
    Danny
     
  7. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Your log is clean!!!!! (y)


    Let's remove the tools I had you download. Delete the following files and folders:
    C:\QooBox

    On your Desktop
    ComboFix.exe


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u3.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.



    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. If you don't have a Firewall installed, please choose from the following:
    3. If you don't have an Anti-Virus installed, please download the following free program:
    4. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
    5. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the links to install SiteAdvisor in Internet Explorer and Firefox
    6. Anti-Spyware Programs I Recommend:
    7. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
     

Short URL to this thread: https://techguy.org/643964
