computer is really messed up!


14 replies to this topic

#1 otep0719 (New Member, 14 posts)
Posted 24 October 2006 - 07:48 PM

Please help me fix my computer. I don't know what I have. Here is my HJT log. Thank you very much.

Logfile of HijackThis v1.99.0
Scan saved at 9:38:38 PM, on 10/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\command.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\QuickTime\qttask.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\ajozoozA.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\winstall.exe
C:\WINNT\system32\PPPATC~1\msdtc.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Program Files\Imation\ImationFlashDetect.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
D:\Documents and Settings\Administrator\Desktop\spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINNT\system32\nkejwol.dll (file missing)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvil1.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\tuvuvwx.dll
O2 - BHO: (no name) - {CA6BB024-AA09-4817-9E13-CB7A88B124BF} - C:\Program Files\Windows Media Player\vijyxol.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [eae46b8a] RUNDLL32.EXE w712c1d5.dll,n 00646b8400000012712c1d5
O4 - HKLM\..\Run: [mmcrat06] C:\WINNT\mmputt.exe
O4 - HKLM\..\Run: [sys0135357038] C:\WINNT\sys0135357038.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [SystemLoader] C:\WINNT\sysldr32.exe
O4 - HKLM\..\Run: [sachost] C:\WINNT\sachostx.exe
O4 - HKLM\..\Run: [win320603835357] C:\WINNT\win320603835357.exe
O4 - HKLM\..\Run: [sys0253570383] C:\WINNT\sys0253570383.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\qwinkpem.exe GEN001
O4 - HKLM\..\Run: [ajozoozA] C:\WINNT\ajozoozA.exe
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [dmwsu.exe] C:\WINNT\system32\dmwsu.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Rrwt] "C:\WINNT\system32\PPPATC~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [ntdll.dll] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: Microsoft WFC Forms Designer - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\vstudio6.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.3.1_06) - http://fdu.blackboar...ib//jre-1_5.exe
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{73736989-253F-45F5-9283-B93516FBEF24}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9F18CD5-AEBA-4834-A4D2-917BAB7AC0A4}: NameServer = 85.255.116.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O21 - SSODL: IEFilter - {3935984B-EE2D-4670-BC07-A94881B19801} - C:\WINNT\system32\IEFilter.dll
O23 - Service: Aluria Spyware Eliminator Service - Unknown - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe (file missing)
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service - Unknown - C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\command.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Network Monitor - Unknown - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown - C:\WINNT\ajozooz.exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe


#2 Angelfire (Silver Member, 371 posts)
Posted 25 October 2006 - 08:10 AM

Hi, welcome to Tom Coyote's. I'm Angelfire777 and it'll be my pleasure to assist you with your problem. Researching HijackThis logs can take some time, so please be patient while I research a fix for you. Also, I have to let experts check my fixes first before bringing them to you. Please hold on.

#3 Angelfire (Silver Member, 371 posts)
Posted 26 October 2006 - 02:47 AM

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

____________________________________

Should you decide to clean your computer, please download and install a newer version of HijackThis.

Click HERE to download a self-extracting version of HijackThis 1.99.1. Double-click on the file; by default it will extract itself to C:\Hijackthis.

Next, double-click on HijackThis.exe. Click "Scan System and Save a Logfile." A Notepad window will appear on your screen; copy and paste its contents into your next reply.

#4 otep0719 (New Member, 14 posts)
Posted 31 October 2006 - 11:46 PM

Thank you for helping me. Before I got your reply, I tried to fix it myself. I deleted some files that I thought were spyware or malware using HJT and Killbox... it was a bad idea!! Every time I open my computer, things pop up like "error loading" some svchost DLL and some other file, then my computer restarts by itself. The only way I can open my computer is if I boot it up in Safe Mode. Anyway, here is my HJT log. Thanks again, and I hope you can help me.


Logfile of HijackThis v1.99.1
Scan saved at 12:22:33 AM, on 11/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pxbvn.exe
C:\WINNT\system32\yokrnr.exe
C:\WINNT\system32\pxbvn.exe
C:\WINNT\system32\pxbvn.exe
C:\WINNT\explorer.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINNT\system32\nkejwol.dll (file missing)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvil1.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\tuvuvwx.dll
O2 - BHO: (no name) - {CA6BB024-AA09-4817-9E13-CB7A88B124BF} - C:\Program Files\Windows Media Player\vijyxol.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINNT\system32\gtool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [eae46b8a] RUNDLL32.EXE w712c1d5.dll,n 00646b8400000012712c1d5
O4 - HKLM\..\Run: [mmcrat06] C:\WINNT\mmputt.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\yokrnr.exe reg_run
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [SystemLoader] C:\WINNT\sysldr32.exe
O4 - HKLM\..\Run: [sachost] C:\WINNT\sachostx.exe
O4 - HKLM\..\Run: [win320603835357] C:\WINNT\win320603835357.exe
O4 - HKLM\..\Run: [sys0253570383] C:\WINNT\sys0253570383.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\qwinkpem.exe GEN001
O4 - HKLM\..\Run: [ajozoozA] C:\WINNT\ajozoozA.exe
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINNT\elitepop06.exe
O4 - HKLM\..\Run: [{AA-A7-75-57-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [ygojnp] C:\WINNT\system32\yokrnr.exe reg_run
O4 - HKLM\..\Run: [vjsfwrwA] C:\WINNT\vjsfwrwA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms0457038353] C:\WINNT\ms0457038353.exe
O4 - HKLM\..\Run: [ms0335703835] C:\WINNT\ms0335703835.exe
O4 - HKLM\..\Run: [dmagr.exe] C:\WINNT\system32\dmagr.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\RunServices: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Rrwt] "C:\WINNT\system32\PPPATC~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [udvko] C:\WINNT\system32\yokrnr.exe reg_run
O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: rwvst.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\vstudio6.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.3.1_06) - http://fdu.blackboar...ib//jre-1_5.exe
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{73736989-253F-45F5-9283-B93516FBEF24}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9F18CD5-AEBA-4834-A4D2-917BAB7AC0A4}: NameServer = 85.255.116.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: tuvuvwx - C:\WINNT\SYSTEM32\tuvuvwx.dll
O21 - SSODL: IEFilter - {3935984B-EE2D-4670-BC07-A94881B19801} - C:\WINNT\system32\IEFilter.dll
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\ajozooz.exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
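The posted logs are what the whole thread turns on, and the difference between the 24 October log (post #1) and the 1 November log (post #4) is easy to miss when reading two hundred lines by eye: the F2 Shell and UserInit chains, the O17 NameServer values and the O20 AppInit_DLLs entry are unchanged, while a Winlogon Notify DLL (tuvuvwx.dll), a Happytofind toolbar, an O15 Trusted Zone entry and new Run values have appeared. The script below is an added example written for this edit; it is not an HJT or What the Tech tool and not something either poster ran. It parses the `Oxx - ` entry lines, flags the entry classes a helper reads first (the F2 Shell/UserInit chain, O17 NameServer values, O20 AppInit_DLLs and Winlogon Notify, O15 Trusted Zone additions, O23 services whose binary is missing, O4 values named after a DLL or launching an EXE from the Windows root, nameless BHOs and toolbars), and diffs two logs while normalising the O23 formatting difference between HijackThis 1.99.0 and 1.99.1. The embedded sample lines are a constructed subset copied from the two logs above; the risk rules and the function names are the editor's own assumptions. It only reads; it changes nothing on the machine.

```python
"""Triage and diff two HijackThis (HJT) logs.

Added example for this thread; it is not an HJT or What the Tech tool, and the
risk rules are the editor's own heuristics.  It only reads logs and never
touches the registry.
"""
import re
from collections import defaultdict

# Constructed samples: a subset of entry lines copied from the two logs in this
# thread (post #1, 24 Oct 2006, HJT 1.99.0; post #4, 1 Nov 2006, HJT 1.99.1).
LOG_OCT24 = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O4 - HKLM\..\Run: [ajozoozA] C:\WINNT\ajozoozA.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\apps\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O23 - Service: Windows Overlay Components - Unknown - C:\WINNT\ajozooz.exe (file missing)
"""

LOG_NOV1 = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINNT\system32\gtool.dll
O4 - HKLM\..\Run: [ajozoozA] C:\WINNT\ajozoozA.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\yokrnr.exe reg_run
O15 - Trusted Zone: *.elitemediagroup.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: tuvuvwx - C:\WINNT\SYSTEM32\tuvuvwx.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\ajozooz.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>R\d|F\d|O\d+) - (?P<body>.+)$")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")                      # the [name] of an O4 Run value
WINROOT_EXE_RE = re.compile(r"c:\\winnt\\[^\\]+\.exe", re.I)   # an EXE directly in the Windows folder


def parse_hjt(text):
    """Map each HJT section (F2, O4, O17, ...) to the list of entry bodies in it.
    Header lines and the running-process list carry no section tag and are skipped."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m["sec"]].append(m["body"])
    return entries


def triage(text):
    """Return [(section, body, reason)] for the entry classes a helper reads first."""
    findings = []
    for sec, bodies in parse_hjt(text).items():
        for body in bodies:
            low = body.lower()
            reason = None
            if sec == "F2" and "shell=" in low:
                if low.split("shell=", 1)[1].strip() != "explorer.exe":
                    reason = "extra program chained after Explorer.exe as the logon shell"
            elif sec == "F2" and "userinit=" in low:
                # the stock value ends in a trailing comma, so strip it before looking for a second program
                if "," in low.split("userinit=", 1)[1].strip().rstrip(","):
                    reason = "extra program chained after userinit.exe at every logon"
            elif sec == "O17":
                reason = "DNS server written into the registry; confirm it belongs to the ISP"
            elif sec == "O20":
                reason = "DLL loaded into every process (AppInit_DLLs) or into winlogon (Winlogon Notify)"
            elif sec == "O15":
                reason = "site added to the IE Trusted Zone, which relaxes ActiveX and scripting limits"
            elif sec == "O23" and "(file missing)" in low:
                reason = "service whose binary is gone; orphaned autostart"
            elif sec == "O4":
                name = RUN_NAME_RE.search(body)
                if (name and name.group(1).lower().endswith(".dll")) or WINROOT_EXE_RE.search(body):
                    reason = "Run value named like a system DLL or launching an EXE from the Windows root"
            elif sec in ("O2", "O3") and "(no name)" in low:
                reason = "browser add-on registered without a name"
            if reason:
                findings.append((sec, body, reason))
    return findings


def _norm(sec, body):
    """Normalise an entry so the same item reads the same under HJT 1.99.0 and 1.99.1
    (1.99.1 prints O23 services as 'Name (ShortName) - Unknown owner - path')."""
    b = body.lower()
    if sec == "O23":
        b = re.sub(r"\s\([a-z0-9_]+\)\s-", " -", b)
        b = b.replace("unknown owner", "unknown")
    return b


def diff_logs(old_text, new_text):
    """Return (added, removed): entries present in only one of the two logs."""
    old = {(s, _norm(s, b)): (s, b) for s, bs in parse_hjt(old_text).items() for b in bs}
    new = {(s, _norm(s, b)): (s, b) for s, bs in parse_hjt(new_text).items() for b in bs}
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed


if __name__ == "__main__":
    for sec, body, why in triage(LOG_NOV1):
        print(f"{sec:<4} {why}\n     {body}")
    added, removed = diff_logs(LOG_OCT24, LOG_NOV1)
    print(f"\n{len(added)} entries appeared and {len(removed)} disappeared between the two logs")
```

Run as a script it prints the findings for the November sample and the count of entries that appeared or disappeared; pass the complete posted logs to `triage()` and `diff_logs()` to get the same for the full thread. On the samples the diff shows entries gained and nothing of substance lost between the two posts, which is the concrete form of the problem the OP describes in post #4. A read-only triage script does not change the advice in post #3: a machine carrying a backdoor is reinstalled rather than cleaned entry by entry.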

#5 Angelfire (Silver Member, 371 posts)
Posted 01 November 2006 - 07:07 PM

Your system has been seriously compromised. Please take time to read my warning in my previous post and tell me in your next post what you have decided to do with that computer.

Should you decide to clean up your computer, we need to restore everything that you have deleted; hopefully that will help you enter Normal Mode.


________________________________

To restore the backups:
  • Open HijackThis.
  • Click "Open the Misc Tools section".
  • Click "Backups" in the upper part of HijackThis.
  • Put a check beside ALL the entries you find there.
  • On the right side, click "Restore".
  • Exit HijackThis.
Using Windows Explorer, please navigate to C:\!Killbox\Logs. There should be a file there called kb.log. Please copy and paste all the contents of that file into your next reply along with a fresh HijackThis log.

#6 otep0719 (New Member, 14 posts)
Posted 07 November 2006 - 12:13 AM

Hi! I didn't find the backup files for HJT; the list was empty. I also didn't find the backups for Killbox. I found a file named kill, it's a Killbox log file, but there was nothing in it. However, I went to the Recycle Bin folder and restored all the files. I still couldn't open my computer in Normal Mode; a command prompt window about svchost always popped up and it restarted by itself. Then I tried to connect the internet cable and open it in Normal Mode. Nothing popped up and it didn't restart by itself, it looked normal, but I can't do anything because it looked like it was still loading and it just froze. I searched for svchost.exe and found a utility tool named RegCure; do you think it will help me if I use it? Anyway, here is another HJT log, not sure if it's still the same after connecting it to the internet. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:11:40 PM, on 11/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pxbvn.exe
C:\WINNT\system32\yokrnr.exe
C:\WINNT\system32\pxbvn.exe
C:\WINNT\system32\pxbvn.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINNT\system32\nkejwol.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvil1.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\tuvuvwx.dll
O2 - BHO: (no name) - {CA6BB024-AA09-4817-9E13-CB7A88B124BF} - C:\Program Files\Windows Media Player\vijyxol.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINNT\system32\gtool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [eae46b8a] RUNDLL32.EXE w712c1d5.dll,n 00646b8400000012712c1d5
O4 - HKLM\..\Run: [mmcrat06] C:\WINNT\mmputt.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\yokrnr.exe reg_run
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [SystemLoader] C:\WINNT\sysldr32.exe
O4 - HKLM\..\Run: [sachost] C:\WINNT\sachostx.exe
O4 - HKLM\..\Run: [sys0253570383] C:\WINNT\sys0253570383.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\qwinkpem.exe GEN001
O4 - HKLM\..\Run: [ajozoozA] C:\WINNT\ajozoozA.exe
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINNT\elitepop06.exe
O4 - HKLM\..\Run: [{AA-A7-75-57-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [ygojnp] C:\WINNT\system32\yokrnr.exe reg_run
O4 - HKLM\..\Run: [vjsfwrwA] C:\WINNT\vjsfwrwA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms0457038353] C:\WINNT\ms0457038353.exe
O4 - HKLM\..\Run: [ms0335703835] C:\WINNT\ms0335703835.exe
O4 - HKLM\..\Run: [dmjde.exe] C:\WINNT\system32\dmjde.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\RunServices: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Rrwt] "C:\WINNT\system32\PPPATC~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [udvko] C:\WINNT\system32\yokrnr.exe reg_run
O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: rwvst.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\vstudio6.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.3.1_06) - http://fdu.blackboar...ib//jre-1_5.exe
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{73736989-253F-45F5-9283-B93516FBEF24}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9F18CD5-AEBA-4834-A4D2-917BAB7AC0A4}: NameServer = 85.255.116.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: tuvuvwx - C:\WINNT\SYSTEM32\tuvuvwx.dll
O21 - SSODL: IEFilter - {3935984B-EE2D-4670-BC07-A94881B19801} - C:\WINNT\system32\IEFilter.dll
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\ajozooz.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

#7 Angelfire

Posted 09 November 2006 - 02:41 AM

I found a utility tool named RegCure, do you think it will help me if I use it.


No, it won't help you because the problem is not your registry but the numerous malware present on your computer.



I noticed that you are not running any AntiVirus application, which is probably why you have so much malware on your machine. Please download and install ONE of these:

» Avast!
» AVG AntiVirus
» AntiVir
___________________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmjde.exe] C:\WINNT\system32\dmjde.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{73736989-253F-45F5-9283-B93516FBEF24}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9F18CD5-AEBA-4834-A4D2-917BAB7AC0A4}: NameServer = 85.255.116.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166


Close your browsers and all open windows except for HijackThis, then click "Fix checked".

___________________

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
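As an added illustration of what the O17, F2 and O20 lines in the logs in this thread signal (example code written for this page, not part of the thread or of HijackThis): a small Python triage that parses HJT entry lines, flags NameServer addresses outside an assumed expected set, and lists anything appended to the Shell/UserInit values or AppInit_DLLs. The sample lines are copied from the logs posted in this thread plus one constructed benign O17 line; EXPECTED_DNS is a placeholder assumption.

```python
import re
from ipaddress import ip_address

# Constructed sample: entry lines copied from the HijackThis logs in this thread,
# plus one made-up benign O17 line (192.168.1.1) so the allowlist path runs too.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{082C5A1A-4A7B-48A9-B181-B4CB112B6334}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll,iefiaoln.dll
"""

# Assumption: the DNS servers this machine is supposed to use (router / ISP).
# Placeholder value; a real triage would take it from the ISP's documentation.
EXPECTED_DNS = {"192.168.1.1"}

# What Windows itself puts in these system.ini-mapped values; anything else
# appended to them is an extra program launched at logon.
F2_DEFAULTS = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return [(section, body), ...] for HJT entry lines; the header and the
    running-process list do not match the 'Oxx - ' shape and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def check_nameservers(entries, expected_dns):
    """Flag every O17 NameServer address that is not in the expected set.
    A public address the user never configured is the DNS-hijack pattern
    the helper asked to fix in this thread."""
    findings = []
    for sec, body in entries:
        if sec != "O17":
            continue
        key, _, value = body.partition(": NameServer = ")
        for ip in value.split():
            try:
                addr = ip_address(ip)
            except ValueError:
                findings.append((sec, key, ip, "unparseable address"))
                continue
            if ip in expected_dns:
                continue
            why = ("public address outside expected set" if addr.is_global
                   else "address outside expected set")
            findings.append((sec, key, ip, why))
    return findings


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_logon_hooks(entries):
    """Flag extras in F2 Shell/UserInit and any O20 AppInit_DLLs entry.
    AppInit_DLLs is empty on a clean install, so every DLL listed there
    deserves a look (not all are malicious, but all load into every GUI process)."""
    findings = []
    for sec, body in entries:
        if sec == "F2" and body.startswith("REG:system.ini: "):
            name, _, value = body[len("REG:system.ini: "):].partition("=")
            parts = [p.strip() for p in value.split(",") if p.strip()]
            default = F2_DEFAULTS.get(name)
            extras = [p for p in parts if _basename(p) != default]
            if extras:
                findings.append((sec, name, extras))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.partition(":")[2]
            dlls = [p.strip() for p in value.split(",") if p.strip()]
            if dlls:
                findings.append((sec, "AppInit_DLLs", dlls))
    return findings


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    for f in check_nameservers(entries, EXPECTED_DNS):
        print("DNS  ", f)
    for f in check_logon_hooks(entries):
        print("HOOK ", f)
```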

#8 otep0719

Posted 17 November 2006 - 11:03 AM

Hi! I did what you told me. I installed Avast and FixWareout. At first, FixWareout didn't work because it was missing BFU.exe and I had to download it. After installing FixWareout and running it, it took a really long time to reboot; I thought it froze so I aborted, but then I did it again and let it run for the whole day and it finished. Anyway, after that, I opened my computer and Avast keeps finding a lot of malware, trojans, etc. When I tried to move or delete them, it won't let me; it says the file is being used by another process. And also, a command prompt window for winnt 32 svchost also keeps popping up. When I scan with HJT, they were popping up. If I'm connected to the internet, there were no pop ups from Avast. Thank you very much!!
_______________________________________________________________________________


Here is the report log for FixWareout

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C6CCD94F6F78-ABDB-6AC4-AE85-690959D6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C009F8625432-F978-0354-A41F-E76CAA78{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E87AC72400BE-1709-52A4-54BC-3716B8FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E542909E8D0-36E9-0A14-3D47-F1FDF1E0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68D0233CE859-AD8A-E464-BAF0-A9233E92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D76F4F9DD06E-FCEA-F204-1C02-F8C7FD81{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7B0064C503E0-0FC8-3AF4-D087-4D22E79D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\17
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\22
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ntdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\naumd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...
_____________________________________________________________________________


Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:50:59 PM, on 11/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\QuickTime\qttask.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\sysldr32.exe
C:\WINNT\system32\qwinkpem.exe
C:\WINNT\elitepop06.exe
C:\WINNT\vjsfwrwA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\hijackthis\HijackThis.exe
C:\WINNT\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\pxbvn.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,btiyxwg.exe
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINNT\tct101.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINNT\system\ctldlg32.dll
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINNT\system32\nkejwol.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvil1.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\tuvuvwx.dll
O2 - BHO: (no name) - {CA6BB024-AA09-4817-9E13-CB7A88B124BF} - C:\Program Files\Windows Media Player\vijyxol.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINNT\system32\gtool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [eae46b8a] RUNDLL32.EXE w712c1d5.dll,n 00646b8400000012712c1d5
O4 - HKLM\..\Run: [mmcrat06] C:\WINNT\mmputt.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [SystemLoader] C:\WINNT\sysldr32.exe
O4 - HKLM\..\Run: [sachost] C:\WINNT\sachostx.exe
O4 - HKLM\..\Run: [sys0253570383] C:\WINNT\sys0253570383.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\qwinkpem.exe GEN001
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINNT\elitepop06.exe
O4 - HKLM\..\Run: [{AA-A7-75-57-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [vjsfwrwA] C:\WINNT\vjsfwrwA.exe
O4 - HKLM\..\Run: [ms0457038353] C:\WINNT\ms0457038353.exe
O4 - HKLM\..\Run: [ms0335703835] C:\WINNT\ms0335703835.exe
O4 - HKLM\..\Run: [ajozoozA] C:\WINNT\ajozoozA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Rrwt] "C:\WINNT\system32\PPPATC~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [udvko] C:\WINNT\system32\yokrnr.exe reg_run
O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: rwvst.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\system32\dmonwv.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\vstudio6.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.3.1_06) - http://fdu.blackboar...ib//jre-1_5.exe
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll,iefiaoln.dll
O20 - Winlogon Notify: tuvuvwx - C:\WINNT\SYSTEM32\tuvuvwx.dll
O21 - SSODL: IEFilter - {3935984B-EE2D-4670-BC07-A94881B19801} - C:\WINNT\system32\IEFilter.dll
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\ajozooz.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

#9 Angelfire

Posted 18 November 2006 - 06:59 AM

Hi, the FixWareout report you posted was incomplete. If those are the only contents of the report created by FixWareout, please run FixWareout again by navigating to C:\fixwareout and double-clicking fixit.bat, then please post the new report created by FixWareout.

*Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

*Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Close CCleaner
DO NOT USE IT YET

_______________________________

*Please download VundoFix.exe to your Desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

*Download combofix.exe

1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

______________________________

You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap the F8 key just before Windows starts to load > This will bring up a menu > Use your keyboard to scroll to Safe Mode > Hit Enter.

______________________________
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
Please run AVG AntiSpyware, and run a full scan as follows:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, as it may interfere with the scanning process.
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
  • Close AVG AntiSpyware.
  • Reboot to normal mode.
_____________________

Run Panda Active Scan
  • Once you are on the Panda site click the Scan Your PC button.
  • A new window will open...click the Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your E-mail Address and click Send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan.
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
On your next reply, please include a fresh HijackThis log, AVG Antispyware log, C:\fixwareout\report.txt, Panda Activescan log, VundoFix log and the ComboFix log.

#10 Angelfire

    Silver Member

  • Authentic Member
  • 371 posts

Posted 28 November 2006 - 03:19 PM

Hi, how are you doing with the fix?

#11 otep0719

    New Member

  • Authentic Member
  • 14 posts

Posted 28 November 2006 - 11:38 PM

Hi! I'm still having a problem with the fixwareout. I have executed the program many times, letting it run for days, but it never finishes. Should I continue without the fixwareout report?

#12 Angelfire

    Silver Member

  • Authentic Member
  • 371 posts

Posted 29 November 2006 - 03:54 AM

Please continue the fix

#13 Angelfire

    Silver Member

  • Authentic Member
  • 371 posts

Posted 04 December 2006 - 04:19 AM

Hey, how are you doing with the fix?

#14 otep0719

    New Member

  • Authentic Member
  • 14 posts

Posted 19 December 2006 - 12:17 AM

I'm sorry it took me a long time to reply; I was a little busy with school. Anyway, I'm still having a problem with the fixwareout. It never finishes; it's just stuck, and even if I let it run for 7 days, nothing happens. My computer seems to be working all right now. It's getting there: no more crazy command prompt pop-ups, and I can actually run in normal mode. I know there is still malware, viruses, spyware, etc. Here are my reports. Vundo did not find any infections, so there is no report.

HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 1:08:19 AM, on 12/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\QuickTime\qttask.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Program Files\Imation\ImationFlashDetect.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINNT\system32\nkejwol.dll (file missing)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvilx.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [{AA-A7-75-57-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [ms0457038353] C:\WINNT\ms0457038353.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rrwt] "C:\WINNT\system32\PPPATC~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\winnt\system32\_mzu_stonedrv7.exe
O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll (file missing)
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\system32\gtool.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\VJ98\vstudio6.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.3.1_06) - http://fdu.blackboar...ib//jre-1_5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O21 - SSODL: IEFilter - {3935984B-EE2D-4670-BC07-A94881B19801} - C:\WINNT\system32\IEFilter.dll (file missing)
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Service - Unknown owner - C:\WINNT\system32\Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

_______________________________________________________________________

PANDA SCAN


Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\program files\pscastor\pscastor.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
Spyware:spyware/new.net Not disinfected c:\program files\newdotnet\newdotnet7_22.dll
Adware:adware/superspider Not disinfected c:\program files\q330994.exe
Virus:w32/locksky.au.worm Disinfected Operating system
Adware:adware/adsmart Not disinfected c:\winnt\system32\vx.tll
Virus:trj/torpig.a Disinfected Operating system
Adware:adware/ilookup Not disinfected c:\program files\internet explorer\Iesearch.exe
Adware:adware/cws Not disinfected d:\documents and settings\all users\favorites\Download Free Spyware Remover.url
Adware:adware/winprotect Not disinfected c:\winnt\balloon.wav
Adware:adware/sbsoft Not disinfected c:\winnt\rdt.ini
Spyware:spyware/media-motor Not disinfected c:\winnt\unstall.exe
Adware:adware/megatds Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/popper Not disinfected Windows Registry
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/spysheriff Not disinfected Windows Registry
Virus:trj/spabot.e Disinfected Operating system
Adware:adware/happytofind Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/toolbarsimbar Not disinfected Windows Registry
Possible Virus. Not disinfected C:\fixwareout\FindT\swreg.exe
Virus:Trj/Multidropper.BES Disinfected C:\pri\porn\foto.zip[setup.exe]
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BHO Plugin\plugin1.dll
Spyware:Spyware/New.net Not disinfected C:\Program Files\NewDotNet\uninstall6_38.exe
Spyware:Spyware/New.net Not disinfected C:\Program Files\NewDotNet\uninstall7_22.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\PSDream\upd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tuvuvwx.dll.bad
Adware:Adware/WebHancer Not disinfected C:\WINNT\hancerdoem.exe[whCC-GIANT3.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WINNT\hancerdoem.exe[whCC-GIANT3.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WINNT\hancerdoem.exe[whCC-GIANT3.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WINNT\hancerdoem.exe[whCC-GIANT3.exe][whiehlpr.dll]
Spyware:Spyware/New.net Not disinfected C:\WINNT\NDNuninstall6_38.exe
Spyware:Spyware/New.net Not disinfected C:\WINNT\NDNuninstall6_90.exe
Spyware:Spyware/New.net Not disinfected C:\WINNT\NDNuninstall6_98.exe
Spyware:Spyware/New.net Not disinfected C:\WINNT\NDNuninstall7_14.exe
Spyware:Spyware/New.net Not disinfected C:\WINNT\NDNuninstall7_22.exe
Adware:Adware/DigInk Not disinfected C:\WINNT\Setup90.exe[Sos28.exe]
Adware:Adware/DigInk Not disinfected C:\WINNT\Setup90.exe[TagASaurus.exe]
Adware:Adware/DigInk Not disinfected C:\WINNT\Setup99.exe
Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvoyljfhf.exe
Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvswotmqd.exe
Adware:Adware/DigInk Not disinfected C:\WINNT\srvuasidgz.exe
Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvwueoqqq.exe
Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvyimalmx.exe
Adware:Adware/BraveSentry Not disinfected C:\WINNT\system32\dlh9jkd1q2.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINNT\system32\druid_unknown.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINNT\system32\durvilx.exe
Adware:Adware/VirusBurst Not disinfected C:\WINNT\system32\gtpbx.dll
Spyware:Spyware/Melkosoft Not disinfected C:\WINNT\system32\hobfv2j.dll
Virus:Trj/Alanchum.LI Disinfected C:\WINNT\system32\kernels88.exe
Adware:Adware/Zenosearch Not disinfected C:\WINNT\system32\ojdsregm.exe
Possible Virus. Not disinfected C:\WINNT\system32\qwinkpem.exe
Adware:Adware/SpySheriff Not disinfected C:\WINNT\system32\six.exe
Adware:Adware/SBSoft Not disinfected C:\WINNT\system32\webdlg32.inf
Adware:Adware/QuickWeb Not disinfected C:\WINNT\system32\{0E1FDF1F-74D3-41A0-9E63-0D8E909245E4}.exe
Adware:Adware/Kill&Clean Not disinfected C:\WINNT\system32\{18DF7C8F-20C1-402F-AECF-E60DD9F4F67D}.exe
Adware:Adware/Findspy Not disinfected C:\WINNT\system32\{EF8B6173-CB45-4A25-9071-EB00427CA78E}.exe
Adware:Adware/SBSoft Not disinfected C:\WINNT\system32\{F5CD6E91-E8EC-4F99-AFF9-B84B512364C6}.dll
Adware:Adware/PurityScan Not disinfected C:\WINNT\system32\??rss.exe
Adware:Adware/Zenosearch Not disinfected C:\WINNT\TIELT001.exe
Adware:Adware/CommAd Not disinfected C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\command.exe
Adware:Adware/CommAd Not disinfected C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\oHg0l35WxJLDsBpXuq6RKGKTgGK.vbs
Adware:Adware/DigInk Not disinfected C:\WINNT\uni_e6h.exe
Adware:Adware/Popup.pop Not disinfected C:\WINNT\winsx.cab
Adware:Adware/IntCodec Not disinfected D:\Documents and Settings\Administrator\Desktop\lp\intcodec-v6.830.exe
Adware:Adware/ActiveSearch Not disinfected D:\Documents and Settings\All Users\Application Data\AutoSearch.dll
Adware:Adware/CommAd Not disinfected D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\3XFPD4V8\installer[1].exe
Spyware:Spyware/7r7t Not disinfected D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\AZIVWF4T\Tspd[1].exe
Spyware:Spyware/7r7t Not disinfected D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CHWT21CX\batty2[1].exe
Adware:Adware/Yazzle Not disinfected D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CHWT21CX\padupd6[1].exe
Adware:Adware/Yazzle Not disinfected D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\GOA0ZS1Q\YazzleBundle-1324[1].exe

___________________________________________________________________

COMBO FIX LOG

Otep - Mon 12/18/2006 21:39:39.59 Service Pack 4
ComboFix 06.11.9 - Running from: "G:\New Folder"

((((((((((((((((((((((((((((((( Files Created from 2006-11-18 to 2006-12-18 ))))))))))))))))))))))))))))))))))


2006-12-05 19:22 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2006-11-28 22:33 0 --a------ C:\WINNT\system32\Service.exe
2006-11-23 22:07 378 ---hs---- C:\WINNT\system32\pqstv.ini2
2006-11-19 22:29 96,256 --a------ C:\WINNT\system32\durvilx.exe
2006-11-19 22:29 151,552 --a------ C:\WINNT\system32\durvilx.dll
2006-11-19 22:29 110,592 --a------ C:\WINNT\v1201.exe
2006-11-19 22:29 0 --a------ C:\WINNT\druid_unknown.exe
2006-11-19 22:16 96,256 --a------ C:\WINNT\system32\druid_unknown.exe
2006-11-19 21:59 9,767 --a--c--- C:\srusprsr.exe
2006-11-19 21:59 9,767 --a--c--- C:\srusprsr.exe
2006-11-19 21:59 3,584 --a------ C:\WINNT\system32\msasvc.exe
2006-11-19 21:56 8,058 --a------ C:\WINNT\system32\kernels88.exe
2006-11-19 21:56 74,752 --a--c--- C:\umnsclry.exe
2006-11-19 21:56 74,752 --a--c--- C:\umnsclry.exe
2006-11-19 21:56 7,408 --a------ C:\WINNT\system32\dlh9jkd1q7.exe
2006-11-19 21:56 6,896 --a------ C:\WINNT\system32\dlh9jkd1q6.exe
2006-11-19 21:56 4,547 --a------ C:\WINNT\system32\dlh9jkd1q5.exe
2006-11-19 21:56 2,518 --a------ C:\WINNT\system32\dlh9jkd1q1.exe
2006-11-19 21:56 18,672 --a------ C:\WINNT\system32\dlh9jkd1q2.exe
2006-11-19 21:56 15 --a------ C:\WINNT\system32\dlh9jkd1q8.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-05 20:20 -------- d-a------ C:\Program Files\Common Files
2006-12-05 20:20 -------- d-a------ C:\Program Files\Common Files
2006-12-05 19:25 -------- d-------- C:\Program Files\CCleaner
2006-12-05 19:25 -------- d-------- C:\Program Files\CCleaner
2006-12-05 19:22 -------- d-------- C:\Program Files\Grisoft
2006-12-05 19:22 -------- d-------- C:\Program Files\Grisoft
2006-11-28 21:49 -------- d-------- C:\Program Files\Windows Media Player
2006-11-28 21:49 -------- d-------- C:\Program Files\Windows Media Player
2006-11-28 21:17 9906 --a------ C:\WINNT\system32\sachostp.exe
2006-11-28 21:17 6144 --a------ C:\WINNT\system32\msvcrl.dll
2006-11-28 21:17 26152 --a------ C:\WINNT\sachostx.exe
2006-11-14 22:24 -------- d-a-s---- C:\Program Files\NewDotNet
2006-11-14 22:24 -------- d-a-s---- C:\Program Files\NewDotNet
2006-11-14 22:03 62976 --a------ C:\WINNT\system32\eae46b8a.dll
2006-11-14 17:54 5298 --a------ C:\WINNT\system32\sachostc.exe
2006-11-14 17:54 4786 --a------ C:\WINNT\system32\sachosts.exe
2006-11-14 17:54 4786 --a------ C:\WINNT\system32\sachostm.exe
2006-11-14 01:25 -------- d-------- C:\Program Files\Outlook Express
2006-11-14 01:25 -------- d-------- C:\Program Files\Outlook Express
2006-11-14 01:25 -------- d-------- C:\Program Files\Common Files\System
2006-11-14 01:25 -------- d-------- C:\Program Files\Common Files\Services
2006-11-14 00:17 0 --a--c--- C:\rttdkor.exe
2006-11-14 00:17 0 --a--c--- C:\rapqy.exe
2006-11-14 00:17 0 --a--c--- C:\oysb.exe
2006-11-14 00:17 0 --a--c--- C:\intutvm.exe
2006-11-14 00:17 0 --a--c--- C:\gwxelccp.exe
2006-11-14 00:17 0 --a--c--- C:\degoqatr.exe
2006-11-14 00:17 0 --a--c--- C:\dacmi.exe
2006-11-14 00:17 0 --a--c--- C:\cjccq.exe
2006-11-13 21:34 -------- d-------- C:\Program Files\Alwil Software
2006-11-13 21:34 -------- d-------- C:\Program Files\Alwil Software
2006-11-05 22:21 45056 --a--c--- C:\mpnaaq7.exe
2006-11-05 22:21 36608 --a------ C:\WINNT\nem220.dll
2006-11-05 22:21 -------- d-------- C:\Program Files\PSDream
2006-11-05 22:21 -------- d-------- C:\Program Files\PSDream
2006-11-05 22:21 -------- d-------- C:\Program Files\PSCastor
2006-11-05 22:21 -------- d-------- C:\Program Files\PSCastor
2006-11-05 18:33 277505 --a------ C:\WINNT\system32\durvil1.exe
2006-11-05 18:32 53120 --a------ C:\WINNT\srvuysvtlm.exe
2006-11-05 18:32 183476 --a------ C:\WINNT\srvyimalmx.exe
2006-10-24 21:22 36864 --a------ C:\WINNT\system32\IEFilter.dll
2006-10-24 21:21 53120 --a------ C:\WINNT\srvmxnquon.exe
2006-10-24 21:21 183476 --a------ C:\WINNT\srvwueoqqq.exe
2006-10-24 21:20 45056 --a------ C:\WINNT\vjsfwrw.exe
2006-10-24 21:20 217346 --a------ C:\WINNT\Setup90.exe
2006-10-24 21:20 -------- d--h----- C:\Program Files\BHO Plugin
2006-10-24 21:20 -------- d--h----- C:\Program Files\BHO Plugin
2006-10-24 21:19 45065 --a------ C:\WINNT\TIELT001.exe
2006-10-24 21:19 -------- d-------- C:\Program Files\Windows NT
2006-10-24 21:19 -------- d-------- C:\Program Files\Windows NT
2006-10-24 21:19 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-24 21:19 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-24 21:18 50976 --a------ C:\WINNT\elitepop06.exe
2006-10-24 21:18 433632 --a------ C:\WINNT\hancerdoem.exe
2006-10-24 21:18 2560 --a------ C:\WINNT\ac3_0002.exe
2006-10-24 20:30 -------- d-------- C:\Program Files\NZSearch
2006-10-24 20:30 -------- d-------- C:\Program Files\NZSearch
2006-10-23 22:49 45098 --a------ C:\WINNT\system32\ojdsregm.exe
2006-10-23 22:31 53120 --a------ C:\WINNT\srvommoupl.exe
2006-10-23 22:31 3749 --a------ C:\WINNT\sysldr32.exe
2006-10-23 22:31 183476 --a------ C:\WINNT\srvswotmqd.exe
2006-10-23 22:31 1232 --a------ C:\WINNT\system32\TheMatrixHasYou.exe
2006-10-23 22:31 10752 --a------ C:\WINNT\system32\MZU_DRV.sys
2006-10-23 22:30 919 --a------ C:\WINNT\system32\winpfg32.sys
2006-10-23 22:30 172155 --a------ C:\WINNT\system32\qwinkpem.exe
2006-10-23 22:19 151040 --a------ C:\WINNT\system32\durvil1.dll
2006-10-23 22:17 94720 --a------ C:\WINNT\system32\qykcscn.dll
2006-10-23 22:15 6687 --a------ C:\WINNT\system32\ldcore.dll
2006-10-23 22:13 32768 --a------ C:\WINNT\unstall.exe
2006-10-23 22:13 217276 --a------ C:\WINNT\srvuasidgz.exe
2006-10-23 22:13 186381 --a------ C:\WINNT\srvoyljfhf.exe
2006-10-23 22:13 163840 --a------ C:\WINNT\sys0135357038.exe
2006-10-23 22:13 110603 --a------ C:\WINNT\srvhtafxde.exe
2006-10-23 22:12 353280 --a------ C:\WINNT\system32\1011_113.exe
2006-10-23 22:12 2560 --a------ C:\WINNT\ac3_0018.exe
2006-10-23 22:12 215308 --a------ C:\WINNT\Setup99.exe
2006-10-23 22:12 1288 --a------ C:\WINNT\system32\eae46b8a.sys
2006-10-04 19:41 32768 --a------ C:\WINNT\system32\six.exe
2006-10-01 19:20 13560 --ahs---- C:\WINNT\system32\KGyGaAvL.sys
2006-09-25 11:45 666240 --a------ C:\WINNT\system32\aswBoot.exe
2006-09-25 11:37 90112 --a------ C:\WINNT\system32\AVASTSS.scr
2006-09-22 09:38 53248 --a------ C:\WINNT\109uninst.exe
2006-09-22 09:36 53248 --a------ C:\WINNT\uni_7eh.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Rrwt"="\"C:\\WINNT\\system32\\PPPATC~1\\msdtc.exe\" -vt yazb"
"ntdll.dll"="c:\\winnt\\system32\\_mzu_stonedrv7.exe"
"_mzu_stonedrv7"="c:\\winnt\\system32\\_mzu_stonedrv7.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"LoadQM"="loadqm.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"Deskup"="C:\\Program Files\\Iomega\\DriveIcons\\deskup.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /install"
"IMONTRAY"="C:\\Program Files\\Intel\\Intel® Active Monitor\\imontray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SMARTB~1\\MotiveSB.exe"
"Clear Cut"="C:\\Program Files\\ClearCut\\streamer.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\apps\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus CX5400"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2G1.EXE /P19 \"EPSON Stylus CX5400\" /O6 \"USB001\" /M \"Stylus CX5400\""
"qykcscn.dll"="C:\\WINNT\\system32\\rundll32.exe C:\\WINNT\\system32\\qykcscn.dll,ztrtgce"
"SystemLoader"="C:\\WINNT\\sysldr32.exe"
"sachost"="C:\\WINNT\\sachostx.exe"
"1pop06apelt2"="C:\\WINNT\\elitepop06.exe"
"{AA-A7-75-57-ZN}"="c:\\winnt\\system32\\dwdsregt.exe ELT001"
"vjsfwrwA"="C:\\WINNT\\vjsfwrwA.exe"
"ms0457038353"="C:\\WINNT\\ms0457038353.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\xuqyl.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows NT\\vinojyb.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PSCastor"="\"C:\\Program Files\\PSCastor\\PSCastor.exe\""
"Rrwt"="\"D:\\DOCUME~1\\DEFAUL~1\\APPLIC~1\\PPPATC~1\\dllhost.exe\" -vt yazb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"Wallpaper"="Ø"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000
"ForceStartMenuLogOff"=dword:00000001
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"NoBandCustomize"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"IEFilter"="{3935984B-EE2D-4670-BC07-A94881B19801}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: Mon 2006-12-18 21:41:39.53
C:\ComboFix.txt ... 06-12-18 21:41
C:\ComboFix2.txt ... 06-12-06 01:52

______________________________________________________________________________

AVG ANTISPYWARE LOG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:19:38 PM 12/18/2006

+ Scan result:



D:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : No action taken.
C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\asappsrv.dll -> Adware.CommAd : No action taken.
C:\WINNT\UEMgRGlzdHJpYnV0aW9uIDIwMDI\command.exe -> Adware.CommAd : No action taken.
HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : No action taken.
HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : No action taken.
HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : No action taken.
HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : No action taken.
C:\WINNT\system32\{EF8B6173-CB45-4A25-9071-EB00427CA78E}.exe -> Adware.FindSpy : No action taken.
C:\WINNT\system32\hobfv2j.dll -> Adware.FreeComm : No action taken.
C:\WINNT\system32\gtpbx.dll -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{CCFB2B33-F4DB-B63D-ABDC-C7384ED93B34} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{05DDEB15-33E0-4DE3-B7CD-84E2E011D889} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{0B386DB3-239C-41D6-85CB-CA728F31F3FC} -> Adware.Generic : No action take
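
As an added example (not part of the thread, and not HijackThis's own code), the Python script below parses entries in the HijackThis log format posted above and flags the categories a malware-removal helper checks first: dangling browser hooks, Trusted Zone additions, AppInit_DLLs, oddly named Run values, unnamed ActiveX downloads and vendor-less services in the Windows directory. The sample lines are a subset copied from the HJT log above; the flagging rules are my own heuristics and are prompts for review, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HJT log posted above (constructed subset);
# the heuristics below are the example author's, not HijackThis's own.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvilx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [{AA-A7-75-57-ZN}] c:\winnt\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [ms0457038353] C:\WINNT\ms0457038353.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ntdll.dll] c:\winnt\system32\_mzu_stonedrv7.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service - Unknown owner - C:\WINNT\system32\Service.exe
"""

# HJT prefixes an entry with R0-R3 (IE registry values) or O1-O23 (hooks,
# startup items, services, ...), then " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Run value names that carry no meaning: digit strings, GUID-like braces,
# and the "_mzu_" prefix seen in this log (heuristic).
RANDOM_NAME_RE = re.compile(r"(ms|sys)?\d{6,}|_mzu_\w+|\{[\w-]+\}")


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return an Entry for every R/O line; the process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def flag_entry(e):
    """Attach review flags to one entry. These are prompts for a human, not verdicts."""
    body, low = e.body, e.body.lower()
    # Browser hooks (BHO/toolbar/extra button/SSODL) whose DLL is gone: leftovers to clean.
    if e.kind in ("O2", "O3", "O9", "O21") and ("(file missing)" in low or "(no file)" in low):
        e.flags.append("dangling-browser-hook")
    # Sites in IE's Trusted Zone run with relaxed security settings.
    if e.kind == "O15":
        e.flags.append("trusted-zone")
    # AppInit_DLLs is loaded into every process that links user32.dll.
    if e.kind == "O20" and "appinit_dlls" in low:
        e.flags.append("appinit-dll")
    if e.kind == "O4":
        m = RUN_RE.search(body)
        if m:
            name, cmd = m.group("name"), m.group("cmd").lower()
            if RANDOM_NAME_RE.fullmatch(name):
                e.flags.append("random-run-key")
            # Value named like a system DLL but launching a different binary.
            if name.lower().endswith(".dll") and name.lower() not in cmd:
                e.flags.append("decoy-name")
            # rundll32 loading a DLL with a meaningless name from system32.
            if "rundll32" in cmd and re.search(r"\\system32\\[a-z]{5,}\.dll,", cmd):
                e.flags.append("rundll32-random-dll")
    # ActiveX download (DPF) with no product name attached to the CLSID.
    if e.kind == "O16" and body.startswith("DPF: {") and "(" not in body:
        e.flags.append("dpf-unnamed")
    # Service with no vendor info, living in the Windows directory.
    if e.kind == "O23" and "unknown owner" in low and re.search(r"\\(winnt|windows)\\", low):
        e.flags.append("service-unknown-owner")
    return e


def triage(text):
    """Map each flag to the entry bodies that raised it."""
    report = {}
    for e in parse_hjt(text):
        for f in flag_entry(e).flags:
            report.setdefault(f, []).append(e.body)
    return report


if __name__ == "__main__":
    for flag, bodies in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{flag}]")
        for b in bodies:
            print("   ", b)
```

Run it against a full saved HJT log by passing the file contents to triage(); the unflagged avast! and Yahoo! lines in the sample show that the rules leave ordinary vendor entries alone.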

#15 Angelfire

    Silver Member

  • Authentic Member
  • 371 posts

Posted 21 December 2006 - 11:42 PM

Hi, sorry for the delay; I've been busy because of school work. Your AVG Antispyware log looks like it has been cut off. Moreover, you didn't make AVG clean the infected files. Please rescan with AVG Antispyware in safe mode and this time make sure you choose to remove all the infections found, then click the "apply all actions" button. Please post back with the whole AVG Antispyware log, and use separate posts if needed.

Edited by Angelfire, 21 December 2006 - 11:45 PM.
