[Fixed] Constant pop-up and VAV virus (PC Help Forum » Security & Safety » Hijackthis! Logs)


#1 - 08-18-2008 - Ali89 (Bronze Member; Join Date: Jun 2008; Posts: 20; PC Experience: Experienced)
Constant pop-up and VAV virus

Got infected by Vista 2008, so I used Malwarebytes' Anti-Malware to remove it. It removed it, but I had to delete the regedit entry that had the VAV name on it. It did not remove everything. I still have pop-ups, and whenever I try to use Google or Yahoo it won't load, except for Google, which will load but won't load what I search for. Also, I use Spybot Search & Destroy (the TeaTimer) to block registry entries that try to change or do something. I denied this one, but it would not stop bugging me. It would slow down my computer because it would spam trying to change itself: "BMf76d7e4d" (new data: "Rundll32.exe "C:\WINDOWS\system32\vrauokah.dll",s") added in System Startup global entry!
I wonder if you could also help me sort out what should be blocked in Spybot and what should not.
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:21 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\vrauokah.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Mini Calendar.exe.lnk = C:\Documents and Settings\Family\Desktop\Anything\Windows Theme\Mini Calendar.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: uolwaf.dll tpcnwa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11542 bytes

SpyBot Log

8/16/2008 8:54:31 PM Allowed (based on user decision) value "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" (new data: "") added in Browser Helper Object!
8/16/2008 8:54:40 PM Allowed (based on user decision) value "swg" (new data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe") added in System Startup user entry!
8/16/2008 8:55:19 PM Allowed (based on user decision) value "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (new data: "hex:00") added in Global browser toolbar!
8/16/2008 8:55:24 PM Allowed (based on user decision) value "{AA58ED58-01DD-4d91-8333-CF10577473F7}" (new data: "") added in Browser Helper Object!
8/16/2008 8:55:41 PM Allowed (based on user decision) value "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (new data: "hex:B1,C2,18,23,65,49,D4,11,9B,18,00,90,27,A5,CD,4F") added in User-specific browser toolbar!
8/16/2008 9:05:37 PM Denied (based on user decision) value "Antivirus" (new data: "") deleted in System Startup user entry!
8/16/2008 9:21:28 PM Allowed (based on authenticode whitelist) value "Spybot - Search & Destroy" (new data: ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck") added in System Startup global entry!
8/16/2008 9:29:26 PM Allowed (based on user decision) value "SpybotDeletingB4432" (new data: "command /c del "C:\WINDOWS\system32\qoMdETnO.dll"") added in System Startup user entry!
8/16/2008 9:29:28 PM Allowed (based on user decision) value "SpybotDeletingD7357" (new data: "cmd /c del "C:\WINDOWS\system32\qoMdETnO.dll"") added in System Startup user entry!
8/16/2008 9:29:29 PM Allowed (based on user decision) value "SpybotDeletingA8152" (new data: "command /c del "C:\WINDOWS\system32\qoMdETnO.dll"") added in System Startup global entry!
8/16/2008 9:29:29 PM Allowed (based on user decision) value "SpybotDeletingC122" (new data: "cmd /c del "C:\WINDOWS\system32\qoMdETnO.dll"") added in System Startup global entry!
8/16/2008 9:29:36 PM Allowed (based on authenticode whitelist) value "SpybotSnD" (new data: ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck") added in System Startup global entry!
8/16/2008 9:50:20 PM Allowed (based on user decision) value "SpybotDeletingB4432" (new data: "") deleted in System Startup user entry!
8/16/2008 9:50:25 PM Allowed (based on user decision) value "SpybotDeletingD7357" (new data: "") deleted in System Startup user entry!
8/16/2008 9:50:26 PM Allowed (based on user decision) value "SpybotDeletingA8152" (new data: "") deleted in System Startup global entry!
8/16/2008 9:50:27 PM Allowed (based on user decision) value "SpybotDeletingC122" (new data: "") deleted in System Startup global entry!
8/16/2008 9:50:30 PM Allowed (based on user decision) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
8/17/2008 2:36:55 AM Denied (based on user decision) value "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" (new data: "") added in Browser Helper Object!
8/17/2008 8:54:37 AM Allowed (based on user decision) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
8/17/2008 9:06:11 AM Denied (based on user decision) value "\SUE15D.exe" (new data: "") deleted in System Startup user entry!
8/17/2008 9:06:11 AM Denied (based on user blacklist) value "Antivirus" (new data: "") deleted in System Startup user entry!
8/17/2008 9:06:14 AM Allowed (based on user decision) value "{7B297BFD-85E4-4092-B2AF-16A91B2EA103}" (new data: "") deleted in ActiveX Distribution Unit!
8/17/2008 9:06:16 AM Allowed (based on user decision) value "{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}" (new data: "") deleted in ActiveX Distribution Unit!
8/17/2008 9:09:07 AM Allowed (based on user decision) value "\SUE15D.exe" (new data: "") deleted in System Startup user entry!
8/17/2008 9:09:07 AM Denied (based on user blacklist) value "Antivirus" (new data: "") deleted in System Startup user entry!
8/17/2008 9:09:08 AM Allowed (based on user decision) value "{A90A5822-F108-45AD-8482-9BC8B12DD539}" (new data: "") deleted in ActiveX Distribution Unit!
8/17/2008 9:26:35 AM Denied (based on user blacklist) value "Antivirus" (new data: "") deleted in System Startup user entry!
8/17/2008 9:39:32 AM Denied (based on user decision) value "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" (new data: "") added in Browser Helper Object!
8/17/2008 11:11:39 AM Denied (based on user blacklist) value "Antivirus" (new data: "") deleted in System Startup user entry!
8/17/2008 11:12:34 AM Allowed (based on user decision) value "Antivirus" (new data: "") deleted in System Startup user entry!
8/17/2008 6:50:28 PM Denied (based on user decision) value "BMf76d7e4d" (new data: "Rundll32.exe "C:\WINDOWS\system32\vrauokah.dll",s") added in System Startup global entry!
8/17/2008 6:50:35 PM Denied (based on user decision) value "{f730da3d-6509-43de-bd42-d106b1587dd7}" (new data: "") added in Browser Helper Object!
8/17/2008 6:50:36 PM Denied (based on user blacklist) value "BMf76d7e4d" (new data: "Rundll32.exe "C:\WINDOWS\system32\vrauokah.dll",s") added in System Startup global entry!
#2 - 08-18-2008 - Pancake (Senior Security Analyst; Location: Victoria, Australia; Join Date: Jun 2006; Posts: 6,798; PC Experience: Elite PC Guru)
re: Constant pop-up and VAV virus

Ok. You have a Vundo infection. Let's get rid of it...



Please download Malwarebytes' Anti-Malware from one of these places:

|MG| Malwarebytes Anti-Malware 1.25

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


==============================================


Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
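Added example (not part of the thread, and not code from HijackThis, Spybot or Malwarebytes): a Python triage pass that applies, to the HijackThis log and the TeaTimer log in the first post, the checks Pancake made by eye before calling this Vundo: the HKLM Run value BMf76d7e4d that loads a randomly named system32 DLL through rundll32 with a one-letter export, the two DLLs in AppInit_DLLs (O20), an O23 service whose binary is missing, and the same rundll32 command reappearing in the TeaTimer "new data" field. The sample lines are copied from those logs but are only a handful of them; the BM-plus-hex name pattern and the "lowercase gibberish stem" rule are assumptions tuned to what this log shows, not general Vundo signatures, and the function and constant names are mine.

```python
"""Triage of HijackThis v2 and Spybot TeaTimer log lines for the persistence
points a Vundo-style infection uses. Added example, not the forum's or any
vendor's code; it only parses the text formats those tools print."""
import re
from typing import Dict, List

# Constructed sample: six HijackThis lines and two TeaTimer lines copied from the
# logs in the first post (a handful of lines, not the full logs).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\vrauokah.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: uolwaf.dll tpcnwa.dll
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
8/17/2008 6:50:28 PM Denied (based on user decision) value "BMf76d7e4d" (new data: "Rundll32.exe "C:\WINDOWS\system32\vrauokah.dll",s") added in System Startup global entry!
8/16/2008 8:54:40 PM Allowed (based on user decision) value "swg" (new data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe") added in System Startup user entry!
"""

O4_RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O23_MISSING_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*) \(file missing\)$')
TEATIMER_RE = re.compile(r'^\S+ \S+ [AP]M (?P<verdict>Allowed|Denied) \(based on [^)]+\) '
                         r'value "(?P<name>[^"]+)" \(new data: "(?P<data>.*)"\) '
                         r'(?P<action>added|deleted) in (?P<where>.+)!$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)',
                       re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r'^[a-z]{6,8}$')  # assumption: vrauokah, uolwaf, tpcnwa in this thread
BM_NAME_RE = re.compile(r'^BM[0-9a-f]{8}$')   # assumption: BMf76d7e4d naming seen in this log


def run_entry_reasons(name: str, cmd: str) -> List[str]:
    """Heuristics for one autostart value (a Run key or a TeaTimer 'new data' string)."""
    reasons = []
    if BM_NAME_RE.match(name):
        reasons.append('value name is BM followed by 8 hex digits (pattern seen in this infection)')
    m = RUNDLL_RE.search(cmd)
    if m:
        stem = m['path'].replace('/', '\\').rsplit('\\', 1)[-1].lower()[:-4]
        # Vendor entries use descriptive DLL names and exports (NvCpl.dll,NvStartup);
        # the dropped DLL here is lowercase gibberish called through a one-letter export.
        if 'system32' in m['path'].lower() and RANDOM_STEM_RE.match(stem) and len(m['export']) <= 1:
            reasons.append('rundll32 loads a random-looking system32 DLL via a one-letter export')
    return reasons


def triage_log(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry, in log order."""
    findings: List[Dict[str, str]] = []

    def add(kind: str, severity: str, item: str, reason: str, line: str) -> None:
        findings.append({'kind': kind, 'severity': severity, 'item': item,
                         'reason': reason, 'line': line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RUN_RE.match(line)):
            reasons = run_entry_reasons(m['name'], m['cmd'])
            if reasons:
                add('O4', 'high', m['name'], '; '.join(reasons), line)
        elif line.startswith('O20 - AppInit_DLLs:'):
            # Every AppInit_DLLs value deserves review: on XP each process that loads
            # user32.dll loads these DLLs too. MBAM flagged both of these as Trojan.Vundo.
            for dll in line.split(':', 1)[1].replace(',', ' ').split():
                add('O20', 'high', dll, 'DLL injected into every process via AppInit_DLLs', line)
        elif (m := O23_MISSING_RE.match(line)):
            add('O23', 'low', m['name'], 'service registration whose binary is missing (orphan)', line)
        elif (m := TEATIMER_RE.match(line)) and m['action'] == 'added':
            reasons = run_entry_reasons(m['name'], m['data'])
            if reasons:
                add('TeaTimer', 'high', m['name'], f"{m['verdict']}: " + '; '.join(reasons), line)
    return findings


if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['kind']:8} {f['item']}: {f['reason']}")
```

Run against the sample it prints four high findings (the BM Run value, both AppInit DLLs, and the TeaTimer line that tried to re-add the same Run value after Spybot denied it, which is why TeaTimer kept prompting) and one low finding for the orphaned Hotspot Shield service; the NVIDIA and ctfmon entries pass. The O4 and TeaTimer checks share one helper on purpose: TeaTimer only reports what was written to a Run key, so the same rule applies to both.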
#3 - 08-18-2008 - Ali89 (Bronze Member; Join Date: Jun 2008; Posts: 20; PC Experience: Experienced)
re: Constant pop-up and VAV virus

Placed the logs in attachments.

Malwarebytes' Anti-Malware 1.25
Database version: 1065
Windows 5.1.2600 Service Pack 2

8:07:36 AM 8/18/2008
mbam-log-08-18-2008 (08-07-36).txt

Scan type: Quick Scan
Objects scanned: 53762
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wvUnMCVn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vrauokah.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uolwaf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tpcnwa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qoMdETnO.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a75f101-126e-46a3-97b1-91a96d161c15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomdetno (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a75f101-126e-46a3-97b1-91a96d161c15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d620655-9996-44a8-b9fe-2c7fcbe14088} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5d620655-9996-44a8-b9fe-2c7fcbe14088} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f730da3d-6509-43de-bd42-d106b1587dd7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf76d7e4d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1a75f101-126e-46a3-97b1-91a96d161c15} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvunmcvn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvunmcvn -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMdETnO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUnMCVn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nVCMnUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nVCMnUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kniikcus.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suckiink.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrauokah.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uolwaf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tpcnwa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wnxsjwux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvlwtxdw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf76d7e4d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf76d7e4d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


ComboFix 08-08-17.03 - Family 2008-08-18 8:22:37.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2032 [GMT -4:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Cookies\administrator@peer39.checkm8[1].txt
C:\Documents and Settings\Family\Cookies\family@www.pandasecurity[2].txt

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-16 20:54 . 2008-08-17 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-16 19:02 . 2008-08-18 04:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:02 . 2008-08-16 19:02 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-08-16 19:02 . 2008-08-16 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 19:02 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 19:02 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 18:06 . 2008-08-16 20:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-16 17:58 . 2008-08-16 17:59 <DIR> d-------- C:\ie-spyad_zo
2008-08-16 17:46 . 2008-08-16 17:46 <DIR> d-------- C:\Program Files\Panda Security
2008-08-16 17:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-15 21:48 . 2008-08-15 21:48 0 --a------ C:\WINDOWS\WB.ini
2008-08-15 21:27 . 2003-03-18 15:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-08-15 21:27 . 2000-10-20 01:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-08-15 21:04 . 2008-08-16 17:04 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-08-15 20:56 . 2008-08-18 08:10 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-08-15 20:53 . 2008-08-15 20:53 <DIR> d-------- C:\Program Files\WinCustomize
2008-08-15 20:53 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-15 20:43 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-08-15 20:40 . 2008-08-15 20:43 <DIR> d-------- C:\Program Files\Stardock
2008-08-15 20:40 . 2008-08-16 17:04 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-15 20:40 . 2008-08-15 20:42 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-15 15:53 . 2008-08-15 16:08 <DIR> d-------- C:\WINDOWS\system32\VIRepair(2)
2008-08-15 15:53 . 2007-04-15 01:32 7,333,376 --a------ C:\WINDOWS\system32\vistaui(2)(2).exe
2008-08-15 15:53 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-08-15 15:02 . 2008-08-15 15:02 <DIR> d-------- C:\Documents and Settings\Family\Application Data\ViStart
2008-08-15 14:58 . 2008-08-15 16:09 <DIR> d-------- C:\Program Files\WinFlip
2008-08-15 14:58 . 2008-08-15 16:09 <DIR> d-------- C:\Program Files\TrueTransparency
2008-08-15 14:58 . 2008-08-15 16:09 <DIR> d-------- C:\Program Files\Styler
2008-08-15 14:54 . 2008-08-15 16:09 <DIR> d-------- C:\VTPFiles
2008-08-15 13:32 . 2008-08-15 13:32 <DIR> d-------- C:\WINDOWS\Performance
2008-08-15 13:32 . 2008-08-15 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-08-15 13:31 . 2008-08-15 13:31 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-08-14 16:06 . 2008-08-14 16:06 41,764 --a------ C:\WINDOWS\system32\kek.exe
2008-08-13 15:17 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-08 13:24 . 2008-08-08 13:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-06 00:52 . 2008-08-06 00:52 58,629 --a------ C:\WINDOWS\system32\mpt.exe
2008-08-05 20:26 . 2008-08-05 20:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-04 18:35 . 2008-08-04 18:35 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-08-04 08:18 . 2008-08-04 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-03 12:16 . 2008-08-03 19:56 <DIR> d-------- C:\Program Files\Conduit
2008-08-01 22:03 . 2008-08-01 22:03 <DIR> d-------- C:\Program Files\Socketsoft
2008-08-01 15:12 . 2008-08-01 15:12 <DIR> d-------- C:\Program Files\Superjoy Box
2008-08-01 15:12 . 2003-06-20 18:27 12,288 --a------ C:\WINDOWS\system32\drivers\Xpad.sys
2008-08-01 14:38 . 2008-08-01 14:38 <DIR> d-------- C:\Program Files\iPod
2008-07-30 18:04 . 2008-07-30 18:04 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-29 23:48 . 2008-08-12 23:30 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-07-29 23:48 . 2008-08-12 23:30 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-07-29 23:48 . 2008-07-29 23:48 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-07-29 23:42 . 2008-07-29 23:42 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-29 23:41 . 2008-07-29 23:41 <DIR> d-------- C:\Program Files\Sony
2008-07-29 23:40 . 2008-07-29 23:40 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-29 22:59 . 2008-07-29 22:59 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-29 22:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-29 22:50 . 2008-07-29 22:51 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Sony Setup
2008-07-27 11:04 . 2008-07-28 19:09 <DIR> d-------- C:\Program Files\ECSRO
2008-07-26 10:10 . 2008-08-08 09:04 <DIR> d-------- C:\Program Files\Silkroad
2008-07-25 23:57 . 2005-09-13 20:14 290,816 --a------ C:\WINDOWS\system32\Projoycpl.dll
2008-07-25 23:52 . 2003-06-19 16:25 385,024 --a------ C:\WINDOWS\system32\Mpjoycpl.dll
2008-07-25 23:52 . 2003-06-20 18:33 360,448 --a------ C:\WINDOWS\system32\Xpadcpl.dll
2008-07-25 23:52 . 2003-11-21 23:07 49,152 --a------ C:\WINDOWS\system32\ffdrv1.dll
2008-07-25 21:29 . 2008-07-25 21:29 <DIR> d-------- C:\Program Files\Codemasters
2008-07-25 10:44 . 2008-07-26 12:17 <DIR> d-------- C:\Program Files\vol_toolbar
2008-07-25 10:44 . 2008-07-25 10:44 <DIR> d-------- C:\Documents and Settings\Family\Application Data\vol_toolbar
2008-07-25 09:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-25 04:46 . 2004-02-27 00:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-07-25 04:45 . 2008-07-25 04:45 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-07-25 04:45 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-07-25 04:45 . 2001-10-04 15:50 991,232 --------- C:\WINDOWS\system32\virtear.dll
2008-07-25 04:45 . 2001-09-19 13:47 765,952 --------- C:\WINDOWS\system\crlds3d.dll
2008-07-25 04:45 . 2005-03-01 13:01 392,704 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-07-25 04:45 . 2005-03-04 20:53 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-07-25 04:45 . 2003-08-19 19:36 65,536 --------- C:\WINDOWS\system32\Audio3d.dll
2008-07-25 04:45 . 2001-09-11 15:20 30,208 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-07-25 04:24 . 2006-12-20 12:00 41,600 --a------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2008-07-25 04:21 . 2008-03-03 15:12 48,128 -ra------ C:\WINDOWS\system32\drivers\SiSGB6.sys
2008-07-24 08:01 . 2008-07-24 08:01 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-07-18 10:33 . 2008-07-18 10:58 <DIR> d-------- C:\Program Files\QuickPar
2008-07-18 10:32 . 2008-07-18 10:32 <DIR> d-------- C:\Program Files\Peer2Mail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 12:20 --------- d-----w C:\Documents and Settings\Family\Application Data\DNA
2008-08-17 19:15 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-17 19:15 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-17 19:07 --------- d-----w C:\Documents and Settings\Family\Application Data\Xfire
2008-08-17 16:28 --------- d-----w C:\Program Files\Google
2008-08-17 14:43 --------- d-----w C:\Program Files\Warcraft III
2008-08-17 14:18 24 ----a-w C:\Documents and Settings\Family\jagex_runescape_preferences.dat
2008-08-17 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 00:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-08-16 00:56 4,748,288 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-08-15 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 05:11 --------- d-----w C:\Program Files\SwiftKit
2008-08-13 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-13 21:17 --------- d-----w C:\Program Files\Xfire
2008-08-05 22:21 22,328 -c--a-w C:\Documents and Settings\Family\Application Data\PnkBstrK.sys
2008-08-05 22:20 682,280 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-05 22:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-01 18:39 --------- d-----w C:\Program Files\iTunes
2008-08-01 18:37 --------- d-----w C:\Program Files\Bonjour
2008-07-30 05:50 --------- d-----w C:\Program Files\DivX
2008-07-30 03:47 --------- d-----w C:\Documents and Settings\Family\Application Data\Sony
2008-07-30 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-07-30 03:00 --------- d-----w C:\Program Files\MSBuild
2008-07-30 02:34 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-30 02:30 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 02:29 7,528 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-26 08:51 --------- d-----w C:\Documents and Settings\Family\Application Data\uTorrent
2008-07-25 14:45 --------- d-----w C:\Program Files\Verizon
2008-07-25 14:45 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-07-25 13:01 --------- d-----w C:\Program Files\Java
2008-07-25 11:14 --------- d-----w C:\Documents and Settings\Family\Application Data\LimeWire
2008-07-25 08:46 --------- d-----w C:\Program Files\ASUS
2008-07-23 17:24 --------- d-----w C:\Documents and Settings\Family\Application Data\Apple Computer
2008-07-20 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-20 15:40 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-19 03:25 --------- d-----w C:\Program Files\DXBX
2008-07-18 15:15 --------- d-----w C:\Program Files\World of Warcraft
2008-07-18 02:20 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2008-07-17 04:00 --------- d-----w C:\Program Files\7-Zip
2008-07-16 21:18 --------- d-----w C:\Program Files\CleanUp!
2008-07-16 13:03 --------- d-----w C:\Program Files\Warkeys
2008-07-14 18:05 --------- d-----w C:\Program Files\Ventrilo
2008-07-14 18:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 05:21 312,832 ----a-w C:\WINDOWS\system32\racl.dll
2008-07-13 05:05 778,240 ----a-w C:\WINDOWS\SkinCrafter2.dll
2008-07-13 04:49 --------- d-----w C:\Documents and Settings\Family\Application Data\teamspeak2
2008-07-12 15:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-12 14:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-12 14:49 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-12 14:49 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 17:30 --------- d-----w C:\Program Files\QuickTime
2008-07-10 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-10 21:30 --------- d-----w C:\Program Files\EasyEclipse Expert Java 1.2.2
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-10 05:26 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-07-09 19:12 --------- d-----w C:\Program Files\Knight Online
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 13:39 --------- d-----w C:\Documents and Settings\Family\Application Data\Notepad++
2008-07-05 13:37 --------- d-----w C:\Program Files\Notepad++
2008-07-05 12:40 --------- d-----w C:\Documents and Settings\Family\Application Data\Yahoo!
2008-07-05 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-05 12:39 --------- d-----w C:\Program Files\Yahoo!
2008-07-04 02:51 --------- d-----w C:\Program Files\Windows Live
2008-07-04 02:49 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 18:15 --------- d-----w C:\Documents and Settings\Family\Application Data\com.syncrosvnclient
2008-07-02 17:29 --------- d-----w C:\Documents and Settings\Family\Application Data\Subversion
2008-07-01 13:44 --------- d-----w C:\Program Files\3DGroove
2008-06-30 06:24 --------- d-----w C:\Program Files\Syncro SVN Client 3.2
2008-06-30 06:22 --------- d-----w C:\Program Files\Sun
2008-06-30 06:16 --------- d-----w C:\Program Files\Common Files\Java
2008-06-30 06:07 --------- d-----w C:\Program Files\Syncro SVN Client 3.1
2008-06-30 01:03 --------- d-----w C:\Program Files\Download Manager
2008-06-30 01:03 --------- d-----w C:\Documents and Settings\Family\Application Data\IGN_DLM
2008-06-28 04:38 --------- d-----w C:\Documents and Settings\Family\Application Data\vlc
2008-06-28 04:37 --------- d-----w C:\Program Files\VideoLAN
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 06:44 --------- d-----w C:\Program Files\BitComet
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:16 --------- d-----w C:\Documents and Settings\Family\Application Data\SPORE Creature Creator
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 13:08 --------- d-----w C:\Program Files\SpeedFan
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 12:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-10 16:07 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-07 17:52 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-05 19:20 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 09:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57 1103480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 20:54 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 20:39 185896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Family\Start Menu\Programs\Startup\
Mini Calendar.exe.lnk - C:\Documents and Settings\Family\Desktop\Anything\Windows Theme\Mini Calendar.exe [2008-08-15 21:41:51 187904]
Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2008-03-09 11:12:24 240640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-10-16 21:16:00 200704]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 17:06:29 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-08 17:04:23 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-15 20:47 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uolwaf.dll tpcnwa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\SwiftKit\\SwiftKit.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\listchecker\\pickup.listchecker.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\epsxe170\\ePSXe.exe"=
"C:\\Program Files\\Codemasters\\Overlord\\Overlord.exe"=
"C:\\Program Files\\Silkroad\\SilkErrSender.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\Package1.7.3.no_map\\nuConnector71.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56606:TCP"= 56606:TCP:Pando P2P TCP Listening Port
"56606:UDP"= 56606:UDP:Pando P2P UDP Listening Port

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-08-04 18:35]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys []
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Family\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys []
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 KIKIDRIVER;KIKIDRIVER;C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41 [Unpacked]\kiki.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01]
S3 PciCon;PciCon:\PciCon.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\WINDOWS\system32\DRIVERS\SiSGB6.sys [2008-03-03 15:12]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 17:25]
S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys []
S3 XDva121;XDva121;C:\WINDOWS\system32\XDva121.sys []
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{344f9b90-19d5-11dd-8eee-0013d4e9b7aa}]
\Shell\AutoRun\command - I:\Launcher.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{159B8F11-E923-416E-A2C3-B29A783BE9E0} - (no file)
BHO-{1A75F101-126E-46A3-97B1-91A96D161C15} - (no file)
BHO-{27999821-3411-40E0-A1D6-F8C90FF8AEE7} - (no file)
BHO-{5D620655-9996-44A8-B9FE-2C7FCBE14088} - (no file)
BHO-{6BB73947-16F4-43B0-8736-4FEA47D86A76} - (no file)
BHO-{F42AB7AE-A0EB-434A-A2F0-710BC6755756} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\z0qy8a3f.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\z0qy8a3f.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Download Manager\npfpdlm.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1314.1135\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 08:25:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
[Unpacked]\kiki.sys"


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KIKIDRIVER]
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
.
Completion time: 2008-08-18 8:28:41
ComboFix-quarantined-files.txt 2008-08-18 12:27:43
ComboFix2.txt 2008-06-07 02:03:12

Pre-Run: 9,579,458,560 bytes free
Post-Run: 9,786,425,344 bytes free

342 --- E O F --- 2008-08-13 22:07:12


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:01 AM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Mini Calendar.exe.lnk = C:\Documents and Settings\Family\Desktop\Anything\Windows Theme\Mini Calendar.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: uolwaf.dll tpcnwa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12328 bytes
Attached Files
hijackthis.log (12.0 KB)
log.txt (24.6 KB)
mbam-log-08-18-2008 (08-07-36).txt (4.8 KB)

Last edited by Pancake; 08-18-2008 at 11:30 PM.
Ali89 is offline
Old 08-18-2008   #4
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
re: Constant pop-up and VAV virus

Just these two to fix..


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\kek.exe
C:\WINDOWS\system32\mpt.exe

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
  • An Australian Member of
  • and
My real name is Eddy
Pancake is offline   Reply With Quote
Old 08-19-2008   #5
Bronze Member
 
Join Date: Jun 2008
Posts: 20
PC Experience: Experienced
Default re: Constant pop-up and VAV virus

Here ya go.

ComboFix 08-08-17.03 - Family 2008-08-18 18:51:55.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1963 [GMT -4:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Family\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\kek.exe
C:\WINDOWS\system32\mpt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Family\Cookies\family@pubmatic[3].txt
C:\WINDOWS\system32\kek.exe
C:\WINDOWS\system32\mpt.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-16 20:54 . 2008-08-18 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-16 19:02 . 2008-08-18 04:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:02 . 2008-08-16 19:02 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-08-16 19:02 . 2008-08-16 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 19:02 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 19:02 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 18:06 . 2008-08-16 20:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-16 17:58 . 2008-08-16 17:59 <DIR> d-------- C:\ie-spyad_zo
2008-08-16 17:46 . 2008-08-16 17:46 <DIR> d-------- C:\Program Files\Panda Security
2008-08-16 17:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-15 21:48 . 2008-08-15 21:48 0 --a------ C:\WINDOWS\WB.ini
2008-08-15 21:27 . 2003-03-18 15:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-08-15 21:27 . 2000-10-20 01:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-08-15 21:04 . 2008-08-16 17:04 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-08-15 20:56 . 2008-08-18 08:38 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-08-15 20:53 . 2008-08-15 20:53 <DIR> d-------- C:\Program Files\WinCustomize
2008-08-15 20:53 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-15 20:43 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-08-15 20:40 . 2008-08-15 20:43 <DIR> d-------- C:\Program Files\Stardock
2008-08-15 20:40 . 2008-08-16 17:04 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-15 20:40 . 2008-08-15 20:42 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-15 15:53 . 2008-08-15 16:08 <DIR> d-------- C:\WINDOWS\system32\VIRepair(2)
2008-08-15 15:53 . 2007-04-15 01:32 7,333,376 --a------ C:\WINDOWS\system32\vistaui(2)(2).exe
2008-08-15 15:53 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-08-15 15:02 . 2008-08-15 15:02 <DIR> d-------- C:\Documents and Settings\Family\Application Data\ViStart
2008-08-15 14:58 . 2008-08-15 16:09 <DIR> d-------- C:\Program Files\WinFlip
2008-08-15 14:58 . 2008-08-15 16:09 <DIR> d-------- C:\Program Files\TrueTransparency
2008-08-15 14:58 . 2008-08-15 16:09 <DIR> d-------- C:\Program Files\Styler
2008-08-15 14:54 . 2008-08-15 16:09 <DIR> d-------- C:\VTPFiles
2008-08-15 13:32 . 2008-08-15 13:32 <DIR> d-------- C:\WINDOWS\Performance
2008-08-15 13:32 . 2008-08-15 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-08-15 13:31 . 2008-08-15 13:31 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-08-13 15:17 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-08 13:24 . 2008-08-08 13:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-05 20:26 . 2008-08-05 20:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-04 18:35 . 2008-08-04 18:35 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-08-04 08:18 . 2008-08-04 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-03 12:16 . 2008-08-03 19:56 <DIR> d-------- C:\Program Files\Conduit
2008-08-01 22:03 . 2008-08-01 22:03 <DIR> d-------- C:\Program Files\Socketsoft
2008-08-01 15:12 . 2008-08-01 15:12 <DIR> d-------- C:\Program Files\Superjoy Box
2008-08-01 15:12 . 2003-06-20 18:27 12,288 --a------ C:\WINDOWS\system32\drivers\Xpad.sys
2008-08-01 14:38 . 2008-08-01 14:38 <DIR> d-------- C:\Program Files\iPod
2008-07-30 18:04 . 2008-07-30 18:04 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-29 23:48 . 2008-08-12 23:30 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-07-29 23:48 . 2008-08-12 23:30 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-07-29 23:48 . 2008-07-29 23:48 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-07-29 23:42 . 2008-07-29 23:42 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-29 23:41 . 2008-07-29 23:41 <DIR> d-------- C:\Program Files\Sony
2008-07-29 23:40 . 2008-07-29 23:40 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-29 22:59 . 2008-07-29 22:59 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-29 22:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-29 22:50 . 2008-07-29 22:51 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Sony Setup
2008-07-27 11:04 . 2008-07-28 19:09 <DIR> d-------- C:\Program Files\ECSRO
2008-07-26 10:10 . 2008-08-08 09:04 <DIR> d-------- C:\Program Files\Silkroad
2008-07-25 23:57 . 2005-09-13 20:14 290,816 --a------ C:\WINDOWS\system32\Projoycpl.dll
2008-07-25 23:52 . 2003-06-19 16:25 385,024 --a------ C:\WINDOWS\system32\Mpjoycpl.dll
2008-07-25 23:52 . 2003-06-20 18:33 360,448 --a------ C:\WINDOWS\system32\Xpadcpl.dll
2008-07-25 23:52 . 2003-11-21 23:07 49,152 --a------ C:\WINDOWS\system32\ffdrv1.dll
2008-07-25 21:29 . 2008-07-25 21:29 <DIR> d-------- C:\Program Files\Codemasters
2008-07-25 10:44 . 2008-07-26 12:17 <DIR> d-------- C:\Program Files\vol_toolbar
2008-07-25 10:44 . 2008-07-25 10:44 <DIR> d-------- C:\Documents and Settings\Family\Application Data\vol_toolbar
2008-07-25 09:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-25 04:46 . 2004-02-27 00:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-07-25 04:45 . 2008-07-25 04:45 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-07-25 04:45 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-07-25 04:45 . 2001-10-04 15:50 991,232 --------- C:\WINDOWS\system32\virtear.dll
2008-07-25 04:45 . 2001-09-19 13:47 765,952 --------- C:\WINDOWS\system\crlds3d.dll
2008-07-25 04:45 . 2005-03-01 13:01 392,704 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-07-25 04:45 . 2005-03-04 20:53 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-07-25 04:45 . 2003-08-19 19:36 65,536 --------- C:\WINDOWS\system32\Audio3d.dll
2008-07-25 04:45 . 2001-09-11 15:20 30,208 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-07-25 04:24 . 2006-12-20 12:00 41,600 --a------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2008-07-25 04:21 . 2008-03-03 15:12 48,128 -ra------ C:\WINDOWS\system32\drivers\SiSGB6.sys
2008-07-24 08:01 . 2008-07-24 08:01 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-07-18 10:33 . 2008-07-18 10:58 <DIR> d-------- C:\Program Files\QuickPar
2008-07-18 10:32 . 2008-07-18 10:32 <DIR> d-------- C:\Program Files\Peer2Mail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 22:49 --------- d-----w C:\Documents and Settings\Family\Application Data\DNA
2008-08-18 22:27 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-08-18 22:26 --------- d-----w C:\Program Files\BitComet
2008-08-18 21:32 --------- d-----w C:\Program Files\Warcraft III
2008-08-18 20:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-08-18 16:29 --------- d-----w C:\Documents and Settings\Family\Application Data\Xfire
2008-08-17 19:15 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-17 19:15 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-17 16:28 --------- d-----w C:\Program Files\Google
2008-08-17 14:18 24 ----a-w C:\Documents and Settings\Family\jagex_runescape_preferences.dat
2008-08-17 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 00:56 4,748,288 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-08-15 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 05:11 --------- d-----w C:\Program Files\SwiftKit
2008-08-13 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-13 21:17 --------- d-----w C:\Program Files\Xfire
2008-08-05 22:21 22,328 -c--a-w C:\Documents and Settings\Family\Application Data\PnkBstrK.sys
2008-08-05 22:20 682,280 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-05 22:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-01 18:39 --------- d-----w C:\Program Files\iTunes
2008-08-01 18:37 --------- d-----w C:\Program Files\Bonjour
2008-07-30 05:50 --------- d-----w C:\Program Files\DivX
2008-07-30 03:47 --------- d-----w C:\Documents and Settings\Family\Application Data\Sony
2008-07-30 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-07-30 03:00 --------- d-----w C:\Program Files\MSBuild
2008-07-30 02:34 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-30 02:30 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 02:29 7,528 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-26 08:51 --------- d-----w C:\Documents and Settings\Family\Application Data\uTorrent
2008-07-25 14:45 --------- d-----w C:\Program Files\Verizon
2008-07-25 14:45 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-07-25 13:01 --------- d-----w C:\Program Files\Java
2008-07-25 11:14 --------- d-----w C:\Documents and Settings\Family\Application Data\LimeWire
2008-07-25 08:46 --------- d-----w C:\Program Files\ASUS
2008-07-23 17:24 --------- d-----w C:\Documents and Settings\Family\Application Data\Apple Computer
2008-07-20 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-20 15:40 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-19 03:25 --------- d-----w C:\Program Files\DXBX
2008-07-18 15:15 --------- d-----w C:\Program Files\World of Warcraft
2008-07-18 02:20 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2008-07-17 04:00 --------- d-----w C:\Program Files\7-Zip
2008-07-16 21:18 --------- d-----w C:\Program Files\CleanUp!
2008-07-16 13:03 --------- d-----w C:\Program Files\Warkeys
2008-07-14 18:05 --------- d-----w C:\Program Files\Ventrilo
2008-07-14 18:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 05:21 312,832 ----a-w C:\WINDOWS\system32\racl.dll
2008-07-13 05:05 778,240 ----a-w C:\WINDOWS\SkinCrafter2.dll
2008-07-13 04:49 --------- d-----w C:\Documents and Settings\Family\Application Data\teamspeak2
2008-07-12 15:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-12 14:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-12 14:49 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-12 14:49 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 17:30 --------- d-----w C:\Program Files\QuickTime
2008-07-10 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-10 21:30 --------- d-----w C:\Program Files\EasyEclipse Expert Java 1.2.2
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-10 05:26 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-07-09 19:12 --------- d-----w C:\Program Files\Knight Online
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 13:39 --------- d-----w C:\Documents and Settings\Family\Application Data\Notepad++
2008-07-05 13:37 --------- d-----w C:\Program Files\Notepad++
2008-07-05 12:40 --------- d-----w C:\Documents and Settings\Family\Application Data\Yahoo!
2008-07-05 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-05 12:39 --------- d-----w C:\Program Files\Yahoo!
2008-07-04 02:51 --------- d-----w C:\Program Files\Windows Live
2008-07-04 02:49 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 18:15 --------- d-----w C:\Documents and Settings\Family\Application Data\com.syncrosvnclient
2008-07-02 17:29 --------- d-----w C:\Documents and Settings\Family\Application Data\Subversion
2008-07-01 13:44 --------- d-----w C:\Program Files\3DGroove
2008-06-30 06:24 --------- d-----w C:\Program Files\Syncro SVN Client 3.2
2008-06-30 06:22 --------- d-----w C:\Program Files\Sun
2008-06-30 06:16 --------- d-----w C:\Program Files\Common Files\Java
2008-06-30 06:07 --------- d-----w C:\Program Files\Syncro SVN Client 3.1
2008-06-30 01:03 --------- d-----w C:\Program Files\Download Manager
2008-06-30 01:03 --------- d-----w C:\Documents and Settings\Family\Application Data\IGN_DLM
2008-06-28 04:38 --------- d-----w C:\Documents and Settings\Family\Application Data\vlc
2008-06-28 04:37 --------- d-----w C:\Program Files\VideoLAN
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:16 --------- d-----w C:\Documents and Settings\Family\Application Data\SPORE Creature Creator
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 13:08 --------- d-----w C:\Program Files\SpeedFan
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 12:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-07 17:52 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-08-18 18:27 360320 baf1513359b8f993d33549a13cd5e530 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-08-18 18:27 360320 baf1513359b8f993d33549a13cd5e530 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-05 19:20 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 09:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57 1103480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 20:54 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 20:39 185896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Family\Start Menu\Programs\Startup\
Mini Calendar.exe.lnk - C:\Documents and Settings\Family\Desktop\Anything\Windows Theme\Mini Calendar.exe [2008-08-15 21:41:51 187904]
Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2008-03-09 11:12:24 240640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-10-16 21:16:00 200704]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 17:06:29 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-08 17:04:23 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-15 20:47 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uolwaf.dll tpcnwa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\SwiftKit\\SwiftKit.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\listchecker\\pickup.listchecker.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\epsxe170\\ePSXe.exe"=
"C:\\Program Files\\Codemasters\\Overlord\\Overlord.exe"=
"C:\\Program Files\\Silkroad\\SilkErrSender.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\Package1.7.3.no_map\\nuConnector71.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\Anything\\RedConnector\\RedConnector.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56606:TCP"= 56606:TCP:Pando P2P TCP Listening Port
"56606:UDP"= 56606:UDP:Pando P2P UDP Listening Port

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-08-04 18:35]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys []
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Family\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys []
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 KIKIDRIVER;KIKIDRIVER;C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41 [Unpacked]\kiki.sys []
S3 PciCon;PciCon:\PciCon.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\WINDOWS\system32\DRIVERS\SiSGB6.sys [2008-03-03 15:12]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 17:25]
S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys []
S3 XDva121;XDva121;C:\WINDOWS\system32\XDva121.sys []
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{344f9b90-19d5-11dd-8eee-0013d4e9b7aa}]
\Shell\AutoRun\command - I:\Launcher.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 18:56:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41 [Unpacked]\kiki.sys"


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KIKIDRIVER]
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
.
Completion time: 2008-08-18 18:58:36
ComboFix-quarantined-files.txt 2008-08-18 22:58:08
ComboFix2.txt 2008-08-18 12:28:42
ComboFix3.txt 2008-06-07 02:03:12

Pre-Run: 6,627,487,744 bytes free
Post-Run: 6,691,266,560 bytes free

332 --- E O F --- 2008-08-13 22:07:12


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:14 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Mini Calendar.exe.lnk = C:\Documents and Settings\Family\Desktop\Anything\Windows Theme\Mini Calendar.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: uolwaf.dll tpcnwa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12256 bytes
Attached Files
File Type: log hijackthis.log (12.0 KB, 1 views)
File Type: txt log.txt (23.9 KB, 2 views)

Last edited by Pancake; 08-19-2008 at 12:21 AM. Reason: copy and pasted for better viewing.
Ali89 is offline
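Added example, not part of this thread or of HijackThis itself: a small Python triage pass over lines in the HijackThis v2 log format posted above. The sample log is constructed from entries in the post, and the three flag rules (a populated O20 AppInit_DLLs value, entries pointing at a missing file, services with no vendor string) are the editor's own heuristics for deciding which lines deserve a closer look, not anything HijackThis outputs.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on entries from the post above.
SAMPLE_LOG = """\
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.2.6.26.dll/206 (file missing)
O20 - AppInit_DLLs: uolwaf.dll tpcnwa.dll
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Every HijackThis finding is "Oxx - <body>"; other lines (process list, header) are skipped.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(text):
    """Yield (section, body) for each 'Oxx - ...' line in a HijackThis log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return a list of (section, reason, body) for entries worth a closer look.

    Rules are the editor's heuristics, in the order the lines appear in the log:
      * O20 AppInit_DLLs is normally empty; any DLL listed there is loaded into
        every process that loads user32.dll, which is how the DLLs in this
        thread's log kept the infection alive.
      * '(file missing)' marks a registry reference whose target is gone, often
        leftovers of a removed program or a partially cleaned infection.
      * O23 services reporting 'Unknown owner' carry no vendor string and so
        cannot be vouched for by their metadata alone.
    """
    findings = []
    for section, body in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append((section, "AppInit_DLLs lists " + ", ".join(dlls), body))
        elif "(file missing)" in body:
            findings.append((section, "reference to a missing file", body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service with no vendor string", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print("%s  %-32s  %s" % (section, reason, body))
```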
Old 08-19-2008   #6
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default re: Constant pop-up and VAV virus

Better have this one out as well...



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:



Folder::
C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
My real name is Eddy
Pancake is offline
Old 08-19-2008   #7
Bronze Member
 
Join Date: Jun 2008
Posts: 20
PC Experience: Experienced
Default re: Constant pop-up and VAV virus

Here it is.
Attached Files
File Type: txt log.txt (24.5 KB, 4 views)
File Type: log hijackthis.log (12.0 KB, 0 views)
Ali89 is offline