Help with audiode.dll

Question

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:10:36 PM, on 2/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Keep My IP-1.0\KeepMyIP.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Documents and Settings\Owner\Desktop\hijackthis.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {26E45419-7205-4fac-BBFE-174BC7337A79} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {88C795DA-6F26-4569-8CF1-A15B0086109A} - C:\WINDOWS\system32\audiode.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: (no name) - {971C3384-F75E-4562-95B3-CBE7417529BC} - (no file)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} - (no file)O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HP Component Manager] 'C:\Program Files\HP\hpcoretech\hpcmpmgr.exe'O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe'O4 - HKLM\..\Run: [Windows Defender] 'C:\Program Files\Windows Defender\MSASCui.exe' -hideO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe'O4 - HKLM\..\Run: [WinBoostertrck] Winb4trck.exeO4 - HKLM\..\Run: [keepmyip-1.0] 'C:\Program Files\Keep My IP-1.0\KeepMyIP.exe'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [FreeRAM XP] 'C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' -winO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/3_0_0_789/sdcregie.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094179075937O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170384475296O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cabO16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} - http://imlive.com/ChatSource/gVideoContol.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab?fd7767a287b2d2f76c0a95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058da45cb1addd0a4167fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b810aed3O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO20 - AppInit_DLLs: mad.dllO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exeO24 - Desktop Component 1: Google - http://www.google.com/ --End of file - 11287 bytes

bamajim · Answer

wesleybradley89

That's quite a collection of malware you have there. It will take a couple of runs at this to remove it all, so please be patient.

Re Run Hijackthis

At the Main window select " Open the misc tool section"
Then select " Open uninstall manager"
Then " save list" and save it to your desktop

Copy and paste that list as a reply to this thread

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

wesleybradley89 · Answer

Adobe Flash Player ActiveXAdobe Photoshop CSAdobe Reader 7.0.9Apple Mobile Device SupportApple Software UpdateAVG 7.5BlackBerry Desktop Software 4.2BroadJump Client FoundationCCleaner (remove only)CDDRV_InstallerDell ResourceCDDr.Salman's Winbooster 5.1Dual Mode CameraGiPo@MoveOnBoot 1.9.5Google Toolbar for Internet ExplorerHighMAT Extension to Microsoft Windows XP CD Writing WizardHijackThis 2.0.2Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB914440)Hotfix for Windows XP (KB915865)Hotfix for Windows XP (KB926239)hp deskjet 3320 series (Remove only)hp deskjet 5100hp instant supportHP UpdateInstant Wireless USB AdapterIntel(R) Extreme Graphics DriveriTunesJ2SE Runtime Environment 5.0 Update 10J2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 3Java 2 Runtime Environment, SE v1.4.2_05Java(TM) 6 Update 2Java(TM) 6 Update 3Java(TM) SE Runtime Environment 6 Update 1KhalInstallWrapperLimeWire PRO 4.12.3Logitech SetPointMacromedia Flash PlayerMacromedia Shockwave PlayerMicrosoft .NET Framework SDK (English) 1.1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Data Access Components KB870669Microsoft HaloMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office XP Professional with FrontPageMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMSN Gaming ZoneMSN Music AssistantMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 Parser and SDKNVIDIA DriversOpenSSH for Windows (remove only)QuickTimeSecurity Update for Windows Internet Explorer 7 (KB928090)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB911565)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows XP (KB890046)Security Update for Windows XP (KB893756)Security Update for Windows XP (KB896358)Security Update for Windows XP (KB896422)Security Update for Windows XP (KB896423)Security Update for Windows XP (KB896424)Security Update for Windows XP (KB896428)Security Update for Windows XP (KB899587)Security Update for Windows XP (KB899591)Security Update for Windows XP (KB900725)Security Update for Windows XP (KB901017)Security Update for Windows XP (KB901190)Security Update for Windows XP (KB901214)Security Update for Windows XP (KB902400)Security Update for Windows XP (KB904706)Security Update for Windows XP (KB905414)Security Update for Windows XP (KB905749)Security Update for Windows XP (KB908519)Security Update for Windows XP (KB911280)Security Update for Windows XP (KB911562)Security Update for Windows XP (KB911567)Security Update for Windows XP (KB911927)Security Update for Windows XP (KB912812)Security Update for Windows XP (KB912919)Security Update for Windows XP (KB913446)Security Update for Windows XP (KB913580)Security Update for Windows XP (KB914388)Security Update for Windows XP (KB914389)Security Update for Windows XP (KB916281)Security Update for Windows XP (KB917159)Security Update for Windows XP (KB917344)Security Update for Windows XP (KB917422)Security Update for Windows XP (KB917953)Security Update for Windows XP (KB918118)Security Update for Windows XP (KB918439)Security Update for Windows XP (KB918899)Security Update for Windows XP (KB919007)Security Update for Windows XP (KB920213)Security Update for Windows XP (KB920214)Security Update for Windows XP (KB920670)Security Update for Windows XP (KB920683)Security Update for Windows XP (KB920685)Security Update for Windows XP (KB921398)Security Update for Windows XP (KB921503)Security Update for Windows XP (KB921883)Security Update for Windows XP (KB922616)Security Update for Windows XP (KB922760)Security Update for Windows XP (KB922819)Security Update for Windows XP (KB923191)Security Update for Windows XP (KB923414)Security Update for Windows XP (KB923694)Security Update for Windows XP (KB923980)Security Update for Windows XP (KB924191)Security Update for Windows XP (KB924270)Security Update for Windows XP (KB924496)Security Update for Windows XP (KB924667)Security Update for Windows XP (KB925486)Security Update for Windows XP (KB925902)Security Update for Windows XP (KB926255)Security Update for Windows XP (KB926436)Security Update for Windows XP (KB927779)Security Update for Windows XP (KB927802)Security Update for Windows XP (KB928255)Security Update for Windows XP (KB928843)Security Update for Windows XP (KB929123)Security Update for Windows XP (KB930178)Security Update for Windows XP (KB931261)Security Update for Windows XP (KB931784)Security Update for Windows XP (KB932168)Security Update for Windows XP (KB933729)Security Update for Windows XP (KB935839)Security Update for Windows XP (KB935840)Security Update for Windows XP (KB936021)Security Update for Windows XP (KB938829)Security Update for Windows XP (KB941202)Security Update for Windows XP (KB941568)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB941644)Security Update for Windows XP (KB943055)Security Update for Windows XP (KB943460)Security Update for Windows XP (KB943485)Security Update for Windows XP (KB944653)Security Update for Windows XP (KB946026)Sonic RecordNow!SoundMAXSpybot - Search & Destroy 1.4The Rosetta StoneTibiaTibiaBot NG 4.6.8Uniblue RegistryBooster 2Uniblue SpeedUpMyPC 3Uniblue SpyEraserUpdate for Windows XP (KB894391)Update for Windows XP (KB898461)Update for Windows XP (KB900485)Update for Windows XP (KB904942)Update for Windows XP (KB908531)Update for Windows XP (KB910437)Update for Windows XP (KB916595)Update for Windows XP (KB920872)Update for Windows XP (KB922582)Update for Windows XP (KB927891)Update for Windows XP (KB929338)Update for Windows XP (KB930916)Update for Windows XP (KB931836)Update for Windows XP (KB933360)Update for Windows XP (KB936357)Update for Windows XP (KB938828)Update for Windows XP (KB942763)Veo Creative Studio - ConnectVeo Velocity ConnectViewpoint Media PlayerWeather ServicesWhiz Kid Technomagic Keep My IP, v.1.0Winamp (remove only)Windows DefenderWindows Installer 3.1 (KB893803)Windows Installer 3.1 (KB893803)Windows Internet Explorer 7Windows Live MessengerWindows Live Sign-in AssistantWindows Media Format 11 runtimeWindows Media Format 11 runtimeWindows Media Player 11Windows Media Player 11Windows XP Hotfix - KB834707Windows XP Hotfix - KB867282Windows XP Hotfix - KB873333Windows XP Hotfix - KB873339Windows XP Hotfix - KB885250Windows XP Hotfix - KB885835Windows XP Hotfix - KB885836Windows XP Hotfix - KB885884Windows XP Hotfix - KB886185Windows XP Hotfix - KB887472Windows XP Hotfix - KB887742Windows XP Hotfix - KB888113Windows XP Hotfix - KB888302Windows XP Hotfix - KB890047Windows XP Hotfix - KB890175Windows XP Hotfix - KB890859Windows XP Hotfix - KB890923Windows XP Hotfix - KB891781Windows XP Hotfix - KB893066Windows XP Hotfix - KB893086Windows XP Service Pack 2WinRAR archiverWinTasks TrialWinZipYahoo! Anti-SpyYahoo! MessengerYahoo! Toolbar

bamajim · Answer

wesleybradley89

We need to temporarily disable the Real-time Protection on Windows Defender as it may interfere with the HijackThis fixes we make.

Open Windows Defender
Click Tools => Options
Scroll down and uncheck Use real-time protection (recommended).
Click Save
Close Windows Defender

1. Please download the Killbox.

- C:\WINDOWS\system32\audiode.dll
  C:\WINDOWS\system32\mad.dll
1)Save it to the desktop
2) Rt Click->>Extract all->.Extract it to your Desktop
3) Double Click Killbox.exe to run it
4)Select " Delete on Reboot", and then select "All files".
5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

6) Return to Killbox, go to the File menu, and choose " Paste from Clipboard".
7) Click the red-and-white " Delete File" button. Click " Yes" at the Delete on Reboot prompt.

2. Rerun Hijackthis (scan only) and place checks beside the following entries

O2 - BHO: (no name) - {26E45419-7205-4fac-BBFE-174BC7337A79} - (no file)
O2 - BHO: (no name) - {88C795DA-6F26-4569-8CF1-A15B0086109A} - C:\WINDOWS\system32\audiode.dll
O2 - BHO: (no name) - {971C3384-F75E-4562-95B3-CBE7417529BC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab?fd7767a287b2d2f76c0a95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058da45cb1addd0a4167fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b810aed3
20 - AppInit_DLLs: mad.dll

Close all other open windows except Hijackthis and Select " Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

wesleybradley89 · Answer

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:23:17 PM, on 2/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Keep My IP-1.0\KeepMyIP.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Documents and Settings\Owner\Desktop\hijackthis.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {88C795DA-6F26-4569-8CF1-A15B0086109A} - C:\WINDOWS\system32\audiode.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HP Component Manager] 'C:\Program Files\HP\hpcoretech\hpcmpmgr.exe'O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe'O4 - HKLM\..\Run: [Windows Defender] 'C:\Program Files\Windows Defender\MSASCui.exe' -hideO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe'O4 - HKLM\..\Run: [keepmyip-1.0] 'C:\Program Files\Keep My IP-1.0\KeepMyIP.exe'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [FreeRAM XP] 'C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' -winO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htmO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/3_0_0_789/sdcregie.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094179075937O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170384475296O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cabO16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} - http://imlive.com/ChatSource/gVideoContol.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO20 - AppInit_DLLs: mad.dllO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exeO24 - Desktop Component 1: Google - http://www.google.com/ --End of file - 10880 bytes           Note: That file audiode.dll still did not go away.  My AVG gives me a warning everytime I open an explorer window, IE or windows explorer. I've tried to let AVG fix it but it doesn't work.

bamajim · Answer

wesleybradley89

It must have a hidden loader. Let's do this;

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

wesleybradley89 · Answer

ComboFix 08-02-18.1 - Owner 2008-02-19 16:13:18.2 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.692 [GMT -6:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. (((((((((((((((((((((((((   Files Created from 2008-01-19 to 2008-02-19  ))))))))))))))))))))))))))))))). 2008-02-14 16:20 . 2008-02-14 16:20   d-------- C:\Program Files\Keep My IP-1.0 2008-02-13 03:01 . 2008-02-13 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-02-11 21:42 . 2008-02-11 21:42 297 --a------ C:\winbooster1.dat 2008-02-11 21:42 . 2008-02-11 21:42 107 --a------ C:\WinBooster2.dat 2008-02-11 21:16 . 2008-02-11 21:16   d-------- C:\Documents and Settings\yep\Application Data\AVG7 2008-01-31 17:00 . 2008-01-31 17:00   d-------- C:\Program Files\CCleaner 2008-01-29 21:57 . 2008-02-18 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-29 21:57 . 2008-01-29 21:57 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-21 15:31 . 2008-01-21 15:31   d-------- C:\Program Files\iPod 2008-01-21 15:30 . 2008-01-21 15:31   d-------- C:\Program Files\iTunes 2008-01-21 15:28 . 2008-01-21 15:29   d-------- C:\Program Files\QuickTime .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-19 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG72008-02-13 02:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire2008-02-10 20:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\U32008-01-31 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-01-20 23:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2008-01-15 21:39 --------- d-----w C:\Program Files\Games2008-01-15 04:04 --------- d-----w C:\Program Files\OpenSSH2007-12-29 18:00 --------- d-----w C:\Program Files\TibiaBot NG2007-12-29 17:52 --------- d-----w C:\Program Files\Tibia2007-12-24 19:47 --------- d-----w C:\Program Files\Winamp2007-12-24 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll2007-11-21 17:38 40,733 ----a-w C:\WINDOWS\system32ightonadz-uninst.exe2006-12-16 14:10 20,072 ----a-w C:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 05:05 20,072 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 00:30 3,717,396 ----a-w C:\Documents and Settings\Owner\My Documents.zip2004-09-16 01:50 8,000,247 ----a-w C:\Program Files\Grisoft.rar2004-09-15 22:29 728,008,704 ----a-w C:\Program Files\Fear and Loathing in Las Vegas.avi2004-09-06 07:49 6,234,457 ----a-w C:\Program Files	ibia.zip2004-09-05 07:17 311,452 ----a-w C:\Documents and Settings\Owner\Desktop.exe2004-09-05 07:17 241,788 ----a-w C:\Documents and Settings\Owner\Desktop.zip2004-08-30 21:51 1,056,355 ----a-w C:\Program Files\yahtzee_palm.exe2004-08-30 21:47 12,401,274 ----a-w C:\Program Files\Yahtzee.exe2004-09-17 17:43 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C795DA-6F26-4569-8CF1-A15B0086109A}]2006-10-18 21:47 99072 --a------ C:\WINDOWS\system32\audiode.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 01:56 15360]'FreeRAM XP'='C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' [2006-03-22 23:13 1591808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2005-10-19 07:59 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2005-10-19 07:59 126976]'AVG7_CC'='C:\PROGRA~1\Grisoft\AVG7\avgcc.exe' [2007-12-21 05:54 579072]'BJCFD'='C:\Program Files\BroadJump\Client Foundation\CFD.exe' [2002-09-10 20:26 368706]'HPDJ Taskbar Utility'='C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe' [2006-01-13 00:58 188416]'HP Component Manager'='C:\Program Files\HP\hpcoretech\hpcmpmgr.exe' [2003-10-23 18:51 233472]'SunJavaUpdateSched'='C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe' [2007-07-12 03:00 132496]'Windows Defender'='C:\Program Files\Windows Defender\MSASCui.exe' [2006-11-03 18:20 866584]'HP Software Update'='C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe' [2005-02-16 22:11 49152]'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-08-11 19:43 7630848]'NvMediaCenter'='C:\WINDOWS\system32\NvMcTray.dll' [2006-08-11 19:43 86016]'iTunesHelper'='C:\Program Files\iTunes\iTunesHelper.exe' [2008-01-15 03:22 267048]'keepmyip-1.0'='C:\Program Files\Keep My IP-1.0\KeepMyIP.exe' [2003-03-01 01:24 5120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]'AVG7_Run'='C:\PROGRA~1\Grisoft\AVG7\avgw.exe' [2007-10-25 04:54 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]'AppInit_DLLs'=mad.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemoKit.lnk]backup=C:\WINDOWS\pss\MemoKit.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashBack] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]--a------ 2005-05-25 16:35 569344 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]C:\WINDOWS\system32\gzmrotate.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\License Manager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]--a------ 2004-08-13 16:41 86016 C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]d-------- 2008-02-19 16:16 0 C:\DOCUME~1\Owner\LOCALS~1\Temp\ [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nosign_Dual]--a------ 2005-09-28 18:37 22016 C:\WINDOWS
osign.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]--a------ 2006-08-11 19:43 1519616 C:\WINDOWS\system32
wiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piolet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupregequester] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shellmen32] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2004-06-03 21:05 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2007-06-27 18:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]--a------ 2007-10-22 09:02 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]--a------ 2007-10-22 09:13 9438488 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]--a------ 2007-10-16 08:26 1258248 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2007-02-13 12:29 35328 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]'SpybotSD TeaTimer'=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]'nwiz'=nwiz.exe /install R0 vtjomhnk;vtjomhnk;C:\WINDOWS\system32\drivers\yaoaymoi.dat []R1 NPPTNT;NPPTNT;C:\WINDOWS\System32
pptNT.sys [2003-07-22 00:14]R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 16:59]R3 DCamUSB20;Veo Web Camera;C:\WINDOWS\system32\Drivers\VeoMini20.sys [2002-11-06 12:31]R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet58lx.sys [2004-03-26 12:08]S3 OpenSSHd;OpenSSH Server;C:\Program Files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 05:11]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-07 04:22]S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys [2005-09-27 22:48]S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS
etusbxp.sys [2002-02-20 01:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d17a4a2d-7084-11dc-aa16-000c41e9c8a5}]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f588bcd3-8d4e-11db-a9cb-000c41e9c8a5}]\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe .Contents of the 'Scheduled Tasks' folder'2008-02-18 21:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job'- C:\Program Files\Apple Software Update\SoftwareUpdate.exe'2008-02-19 15:01:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job'- C:\Program Files\Windows Defender\MpCmdRun.exe'2008-02-19 05:31:00 C:\WINDOWS\Tasks\sshd.job'- C:\Documents and Settings\Owner\Desktop\sshd.bat.************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-19 16:16:03Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.Completion time: 2008-02-19 16:17:29ComboFix-quarantined-files.txt  2008-02-19 22:17:07ComboFix2.txt  2008-02-18 03:45:08.2008-02-19 22:12:04 --- E O F ---

bamajim · Answer

wesleybradley89

According to the Combofix log, this was the 2nd run. Did something happen to the first run?

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\audiode.dll
C:\WINDOWS\system32\gzmrotate.dll

Driver::
vtjomhnk

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C795DA-6F26-4569-8CF1-A15B0086109A}]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashBack]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\License Manager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piolet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\requester]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shellmen32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image

You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

2. Rerun Hijackthis and post a fresh Hijackthis log as well.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

wesleybradley89 · Answer

ComboFix 08-02-18.1 - Owner 2008-02-20 15:37:32.3 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.712 [GMT -6:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE ::C:\WINDOWS\imsins.BAKC:\WINDOWS\system32\audiode.dllC:\WINDOWS\system32\gzmrotate.dll. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\imsins.BAKC:\WINDOWS\system32\audiode.dll . . . . failed to delete .(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))) .-------\LEGACY_VTJOMHNK-------\vtjomhnk (((((((((((((((((((((((((   Files Created from 2008-01-20 to 2008-02-20  ))))))))))))))))))))))))))))))). 2008-02-14 16:20 . 2008-02-14 16:20   d-------- C:\Program Files\Keep My IP-1.0 2008-02-11 21:42 . 2008-02-11 21:42 297 --a------ C:\winbooster1.dat 2008-02-11 21:42 . 2008-02-11 21:42 107 --a------ C:\WinBooster2.dat 2008-02-11 21:16 . 2008-02-11 21:16   d-------- C:\Documents and Settings\yep\Application Data\AVG7 2008-01-31 17:00 . 2008-01-31 17:00   d-------- C:\Program Files\CCleaner 2008-01-29 21:57 . 2008-02-20 15:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-29 21:57 . 2008-01-29 21:57 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-21 15:31 . 2008-01-21 15:31   d-------- C:\Program Files\iPod 2008-01-21 15:30 . 2008-01-21 15:31   d-------- C:\Program Files\iTunes 2008-01-21 15:28 . 2008-01-21 15:29   d-------- C:\Program Files\QuickTime .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-20 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG72008-02-13 02:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire2008-02-10 20:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\U32008-01-31 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-01-20 23:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2008-01-15 21:39 --------- d-----w C:\Program Files\Games2008-01-15 04:04 --------- d-----w C:\Program Files\OpenSSH2007-12-29 18:00 --------- d-----w C:\Program Files\TibiaBot NG2007-12-29 17:52 --------- d-----w C:\Program Files\Tibia2007-12-24 19:47 --------- d-----w C:\Program Files\Winamp2007-12-24 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira2006-12-16 14:10 20,072 ----a-w C:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 05:05 20,072 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 00:30 3,717,396 ----a-w C:\Documents and Settings\Owner\My Documents.zip2004-09-16 01:50 8,000,247 ----a-w C:\Program Files\Grisoft.rar2004-09-15 22:29 728,008,704 ----a-w C:\Program Files\Fear and Loathing in Las Vegas.avi2004-09-06 07:49 6,234,457 ----a-w C:\Program Files	ibia.zip2004-09-05 07:17 311,452 ----a-w C:\Documents and Settings\Owner\Desktop.exe2004-09-05 07:17 241,788 ----a-w C:\Documents and Settings\Owner\Desktop.zip2004-08-30 21:51 1,056,355 ----a-w C:\Program Files\yahtzee_palm.exe2004-08-30 21:47 12,401,274 ----a-w C:\Program Files\Yahtzee.exe2004-09-17 17:43 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C795DA-6F26-4569-8CF1-A15B0086109A}]2006-10-18 21:47 99072 --a------ C:\WINDOWS\system32\audiode.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 01:56 15360]'FreeRAM XP'='C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' [2006-03-22 23:13 1591808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2005-10-19 07:59 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2005-10-19 07:59 126976]'AVG7_CC'='C:\PROGRA~1\Grisoft\AVG7\avgcc.exe' [2007-12-21 05:54 579072]'BJCFD'='C:\Program Files\BroadJump\Client Foundation\CFD.exe' [2002-09-10 20:26 368706]'HPDJ Taskbar Utility'='C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe' [2006-01-13 00:58 188416]'HP Component Manager'='C:\Program Files\HP\hpcoretech\hpcmpmgr.exe' [2003-10-23 18:51 233472]'SunJavaUpdateSched'='C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe' [2007-07-12 03:00 132496]'Windows Defender'='C:\Program Files\Windows Defender\MSASCui.exe' [2006-11-03 18:20 866584]'HP Software Update'='C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe' [2005-02-16 22:11 49152]'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-08-11 19:43 7630848]'NvMediaCenter'='C:\WINDOWS\system32\NvMcTray.dll' [2006-08-11 19:43 86016]'iTunesHelper'='C:\Program Files\iTunes\iTunesHelper.exe' [2008-01-15 03:22 267048]'keepmyip-1.0'='C:\Program Files\Keep My IP-1.0\KeepMyIP.exe' [2003-03-01 01:24 5120]'combofix'='C:\WINDOWS\system32\kmd.exe' [2004-08-04 01:56 388608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]'AVG7_Run'='C:\PROGRA~1\Grisoft\AVG7\avgw.exe' [2007-10-25 04:54 219136] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemoKit.lnk]backup=C:\WINDOWS\pss\MemoKit.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]--a------ 2005-05-25 16:35 569344 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]--a------ 2004-08-13 16:41 86016 C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]d-------- 2008-02-20 15:43 0 C:\DOCUME~1\Owner\LOCALS~1\Temp\ [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nosign_Dual]--a------ 2005-09-28 18:37 22016 C:\WINDOWS
osign.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]--a------ 2006-08-11 19:43 1519616 C:\WINDOWS\system32
wiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2004-06-03 21:05 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2007-06-27 18:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]--a------ 2007-10-22 09:02 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]--a------ 2007-10-22 09:13 9438488 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]--a------ 2007-10-16 08:26 1258248 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2007-02-13 12:29 35328 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]'SpybotSD TeaTimer'=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]'nwiz'=nwiz.exe /install R0 vtjomhnk;vtjomhnk;C:\WINDOWS\system32\drivers\yaoaymoi.dat []R1 NPPTNT;NPPTNT;C:\WINDOWS\System32
pptNT.sys [2003-07-22 00:14]R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 16:59]R3 DCamUSB20;Veo Web Camera;C:\WINDOWS\system32\Drivers\VeoMini20.sys [2002-11-06 12:31]R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet58lx.sys [2004-03-26 12:08]S3 OpenSSHd;OpenSSH Server;C:\Program Files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 05:11]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-07 04:22]S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys [2005-09-27 22:48]S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS
etusbxp.sys [2002-02-20 01:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d17a4a2d-7084-11dc-aa16-000c41e9c8a5}]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f588bcd3-8d4e-11db-a9cb-000c41e9c8a5}]\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe *Newly Created Service* - VTJOMHNK.Contents of the 'Scheduled Tasks' folder'2008-02-18 21:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job'- C:\Program Files\Apple Software Update\SoftwareUpdate.exe'2008-02-20 21:45:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job'- C:\Program Files\Windows Defender\MpCmdRun.exe'2008-02-20 05:31:00 C:\WINDOWS\Tasks\sshd.job'- C:\Documents and Settings\Owner\Desktop\sshd.bat.************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-20 15:43:17Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\Windows Defender\MsMpEng.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Program Files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2008-02-20 15:47:05 - machine was rebootedComboFix-quarantined-files.txt  2008-02-20 21:47:00ComboFix2.txt  2008-02-19 22:17:30ComboFix3.txt  2008-02-18 03:45:08.2008-02-19 22:12:04 --- E O F ---

wesleybradley89 · Answer

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:47:54 PM, on 2/20/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Keep My IP-1.0\KeepMyIP.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32
otepad.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\Owner\Desktop\hijackthis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {88C795DA-6F26-4569-8CF1-A15B0086109A} - C:\WINDOWS\system32\audiode.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HP Component Manager] 'C:\Program Files\HP\hpcoretech\hpcmpmgr.exe'O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe'O4 - HKLM\..\Run: [Windows Defender] 'C:\Program Files\Windows Defender\MSASCui.exe' -hideO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe'O4 - HKLM\..\Run: [keepmyip-1.0] 'C:\Program Files\Keep My IP-1.0\KeepMyIP.exe'O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.batO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [FreeRAM XP] 'C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' -winO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htmO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/3_0_0_789/sdcregie.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094179075937O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170384475296O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cabO16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} - http://imlive.com/ChatSource/gVideoContol.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exeO24 - Desktop Component 1: Google - http://www.google.com/ --End of file - 11022 bytes

bamajim · Answer

wesleybradley89

O.k. Combofix has been updated, so let's delete the copy you have

Click Start ->> Run ->> & type in ComboFix /u

Make sure there's a space between Combofix and /

Then hit Enter.

Next download and run the newer version

Please download Combofix and save to your desktop:

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

wesleybradley89 · Answer

alrighty i've downloaded the new version.  Now what would you like me to do?

bamajim · Answer

wesleybradley89   Run it and post the contents of the C:\Combofix.txt log just like the first version.     Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

wesleybradley89 · Answer

ComboFix 08-02-21 - Owner 2008-02-21 21:08:31.4 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.827 [GMT -6:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. (((((((((((((((((((((((((   Files Created from 2008-01-22 to 2008-02-22  ))))))))))))))))))))))))))))))). 2008-02-21 10:29 . 2008-02-21 10:29 691,545 --a------ C:\WINDOWS\unins000.exe2008-02-21 10:29 . 2008-02-21 10:29 2,541 --a------ C:\WINDOWS\unins000.dat2008-02-14 16:20 . 2008-02-14 16:20   d-------- C:\Program Files\Keep My IP-1.0 2008-02-11 21:42 . 2008-02-11 21:42 297 --a------ C:\winbooster1.dat 2008-02-11 21:42 . 2008-02-11 21:42 107 --a------ C:\WinBooster2.dat 2008-02-11 21:16 . 2008-02-11 21:16   d-------- C:\Documents and Settings\yep\Application Data\AVG7 2008-01-31 17:00 . 2008-01-31 17:00   d-------- C:\Program Files\CCleaner 2008-01-29 21:57 . 2008-02-21 19:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-29 21:57 . 2008-01-29 21:57 1,409 --a------ C:\WINDOWS\QTFont.for .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-21 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG72008-02-21 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-02-21 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy2008-02-13 02:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire2008-02-10 20:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\U32008-01-21 21:31 --------- d-----w C:\Program Files\iTunes2008-01-21 21:31 --------- d-----w C:\Program Files\iPod2008-01-21 21:29 --------- d-----w C:\Program Files\QuickTime2008-01-20 23:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2008-01-15 21:39 --------- d-----w C:\Program Files\Games2008-01-15 04:04 --------- d-----w C:\Program Files\OpenSSH2007-12-29 18:00 --------- d-----w C:\Program Files\TibiaBot NG2007-12-29 17:52 --------- d-----w C:\Program Files\Tibia2007-12-24 19:47 --------- d-----w C:\Program Files\Winamp2007-12-24 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll2006-12-16 14:10 20,072 ----a-w C:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 05:05 20,072 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 00:30 3,717,396 ----a-w C:\Documents and Settings\Owner\My Documents.zip2004-09-16 01:50 8,000,247 ----a-w C:\Program Files\Grisoft.rar2004-09-15 22:29 728,008,704 ----a-w C:\Program Files\Fear and Loathing in Las Vegas.avi2004-09-06 07:49 6,234,457 ----a-w C:\Program Files	ibia.zip2004-09-05 07:17 311,452 ----a-w C:\Documents and Settings\Owner\Desktop.exe2004-09-05 07:17 241,788 ----a-w C:\Documents and Settings\Owner\Desktop.zip2004-08-30 21:51 1,056,355 ----a-w C:\Program Files\yahtzee_palm.exe2004-08-30 21:47 12,401,274 ----a-w C:\Program Files\Yahtzee.exe2004-09-17 17:43 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C795DA-6F26-4569-8CF1-A15B0086109A}]2006-10-18 21:47 99072 --a------ C:\WINDOWS\system32\audiode.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 01:56 15360]'FreeRAM XP'='C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' [2006-03-22 23:13 1591808]'SpybotSD TeaTimer'='C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe' [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2005-10-19 07:59 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2005-10-19 07:59 126976]'AVG7_CC'='C:\PROGRA~1\Grisoft\AVG7\avgcc.exe' [2007-12-21 05:54 579072]'BJCFD'='C:\Program Files\BroadJump\Client Foundation\CFD.exe' [2002-09-10 20:26 368706]'HPDJ Taskbar Utility'='C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe' [2006-01-13 00:58 188416]'HP Component Manager'='C:\Program Files\HP\hpcoretech\hpcmpmgr.exe' [2003-10-23 18:51 233472]'SunJavaUpdateSched'='C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe' [2007-07-12 03:00 132496]'Windows Defender'='C:\Program Files\Windows Defender\MSASCui.exe' [2006-11-03 18:20 866584]'HP Software Update'='C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe' [2005-02-16 22:11 49152]'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-08-11 19:43 7630848]'NvMediaCenter'='C:\WINDOWS\system32\NvMcTray.dll' [2006-08-11 19:43 86016]'iTunesHelper'='C:\Program Files\iTunes\iTunesHelper.exe' [2008-01-15 03:22 267048]'keepmyip-1.0'='C:\Program Files\Keep My IP-1.0\KeepMyIP.exe' [2003-03-01 01:24 5120]'combofix'='C:\WINDOWS\system32\kmd.exe' [2004-08-04 01:56 388608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]'AVG7_Run'='C:\PROGRA~1\Grisoft\AVG7\avgw.exe' [2007-10-25 04:54 219136] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemoKit.lnk]backup=C:\WINDOWS\pss\MemoKit.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]--a------ 2005-05-25 16:35 569344 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]--a------ 2004-08-13 16:41 86016 C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]d-------- 2008-02-21 21:11 0 C:\DOCUME~1\Owner\LOCALS~1\Temp\ [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nosign_Dual]--a------ 2005-09-28 18:37 22016 C:\WINDOWS
osign.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]--a------ 2006-08-11 19:43 1519616 C:\WINDOWS\system32
wiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2004-06-03 21:05 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2007-06-27 18:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]--a------ 2007-10-22 09:02 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]--a------ 2007-10-22 09:13 9438488 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]--a------ 2007-10-16 08:26 1258248 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2007-02-13 12:29 35328 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]'SpybotSD TeaTimer'=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]'nwiz'=nwiz.exe /install R0 vtjomhnk;vtjomhnk;C:\WINDOWS\system32\drivers\yaoaymoi.dat []R1 NPPTNT;NPPTNT;C:\WINDOWS\System32
pptNT.sys [2003-07-22 00:14]R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 16:59]R3 DCamUSB20;Veo Web Camera;C:\WINDOWS\system32\Drivers\VeoMini20.sys [2002-11-06 12:31]R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet58lx.sys [2004-03-26 12:08]S3 OpenSSHd;OpenSSH Server;C:\Program Files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 05:11]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-07 04:22]S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys [2005-09-27 22:48]S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS
etusbxp.sys [2002-02-20 01:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d17a4a2d-7084-11dc-aa16-000c41e9c8a5}]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f588bcd3-8d4e-11db-a9cb-000c41e9c8a5}]\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe .Contents of the 'Scheduled Tasks' folder'2008-02-18 21:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job'- C:\Program Files\Apple Software Update\SoftwareUpdate.exe'2008-02-21 15:01:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job'- C:\Program Files\Windows Defender\MpCmdRun.exe'2008-02-21 05:31:00 C:\WINDOWS\Tasks\sshd.job'- C:\Documents and Settings\Owner\Desktop\sshd.bat.************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-21 21:11:19Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.Completion time: 2008-02-21 21:12:35ComboFix2.txt  2008-02-20 21:47:06.2008-02-19 22:12:04 --- E O F ---

bamajim · Answer

wesleybradley89

1. We Need to temporarily disable SpyBotS&D Tea timer so it doesn't interfere with our fix

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

If the CFScript.txt file we created previously is still on your Desktop, Delete it we are going to makke another one.

2. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\WINDOWS\system32\audiode.dll

Driver::
vtjomhnk

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C795DA-6F26-4569-8CF1-A15B0086109A}]

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe
user posted image

You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

wesleybradley89 · Answer

ComboFix 08-02-21 - Owner 2008-02-22  9:27:41.5 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.727 [GMT -6:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE ::C:\WINDOWS\system32\audiode.dll. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\system32\audiode.dll . . . . failed to delete .(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))) .-------\LEGACY_VTJOMHNK-------\vtjomhnk (((((((((((((((((((((((((   Files Created from 2008-01-22 to 2008-02-22  ))))))))))))))))))))))))))))))). 2008-02-21 10:29 . 2008-02-21 10:29 691,545 --a------ C:\WINDOWS\unins000.exe2008-02-21 10:29 . 2008-02-21 10:29 2,541 --a------ C:\WINDOWS\unins000.dat2008-02-14 16:20 . 2008-02-14 16:20   d-------- C:\Program Files\Keep My IP-1.0 2008-02-11 21:42 . 2008-02-11 21:42 297 --a------ C:\winbooster1.dat 2008-02-11 21:42 . 2008-02-11 21:42 107 --a------ C:\WinBooster2.dat 2008-02-11 21:16 . 2008-02-11 21:16   d-------- C:\Documents and Settings\yep\Application Data\AVG7 2008-01-31 17:00 . 2008-01-31 17:00   d-------- C:\Program Files\CCleaner 2008-01-29 21:57 . 2008-02-22 09:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-29 21:57 . 2008-01-29 21:57 1,409 --a------ C:\WINDOWS\QTFont.for .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-22 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG72008-02-21 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-02-21 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy2008-02-13 02:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire2008-02-10 20:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\U32008-01-21 21:31 --------- d-----w C:\Program Files\iTunes2008-01-21 21:31 --------- d-----w C:\Program Files\iPod2008-01-21 21:29 --------- d-----w C:\Program Files\QuickTime2008-01-20 23:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2008-01-15 21:39 --------- d-----w C:\Program Files\Games2008-01-15 04:04 --------- d-----w C:\Program Files\OpenSSH2007-12-29 18:00 --------- d-----w C:\Program Files\TibiaBot NG2007-12-29 17:52 --------- d-----w C:\Program Files\Tibia2007-12-24 19:47 --------- d-----w C:\Program Files\Winamp2007-12-24 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira2006-12-16 14:10 20,072 ----a-w C:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 05:05 20,072 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT2005-05-20 00:30 3,717,396 ----a-w C:\Documents and Settings\Owner\My Documents.zip2004-09-16 01:50 8,000,247 ----a-w C:\Program Files\Grisoft.rar2004-09-15 22:29 728,008,704 ----a-w C:\Program Files\Fear and Loathing in Las Vegas.avi2004-09-06 07:49 6,234,457 ----a-w C:\Program Files	ibia.zip2004-09-05 07:17 311,452 ----a-w C:\Documents and Settings\Owner\Desktop.exe2004-09-05 07:17 241,788 ----a-w C:\Documents and Settings\Owner\Desktop.zip2004-08-30 21:51 1,056,355 ----a-w C:\Program Files\yahtzee_palm.exe2004-08-30 21:47 12,401,274 ----a-w C:\Program Files\Yahtzee.exe2004-09-17 17:43 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C795DA-6F26-4569-8CF1-A15B0086109A}]2006-10-18 21:47 99072 --a------ C:\WINDOWS\system32\audiode.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 01:56 15360]'FreeRAM XP'='C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe' [2006-03-22 23:13 1591808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2005-10-19 07:59 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2005-10-19 07:59 126976]'AVG7_CC'='C:\PROGRA~1\Grisoft\AVG7\avgcc.exe' [2007-12-21 05:54 579072]'BJCFD'='C:\Program Files\BroadJump\Client Foundation\CFD.exe' [2002-09-10 20:26 368706]'HPDJ Taskbar Utility'='C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe' [2006-01-13 00:58 188416]'HP Component Manager'='C:\Program Files\HP\hpcoretech\hpcmpmgr.exe' [2003-10-23 18:51 233472]'SunJavaUpdateSched'='C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe' [2007-07-12 03:00 132496]'Windows Defender'='C:\Program Files\Windows Defender\MSASCui.exe' [2006-11-03 18:20 866584]'HP Software Update'='C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe' [2005-02-16 22:11 49152]'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-08-11 19:43 7630848]'NvMediaCenter'='C:\WINDOWS\system32\NvMcTray.dll' [2006-08-11 19:43 86016]'iTunesHelper'='C:\Program Files\iTunes\iTunesHelper.exe' [2008-01-15 03:22 267048]'keepmyip-1.0'='C:\Program Files\Keep My IP-1.0\KeepMyIP.exe' [2003-03-01 01:24 5120]'combofix'='C:\WINDOWS\system32\kmd.exe' [2004-08-04 01:56 388608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]'AVG7_Run'='C:\PROGRA~1\Grisoft\AVG7\avgw.exe' [2007-10-25 04:54 219136] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemoKit.lnk]backup=C:\WINDOWS\pss\MemoKit.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]--a------ 2005-05-25 16:35 569344 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]--a------ 2004-08-13 16:41 86016 C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]d-------- 2008-02-22 09:34 0 C:\DOCUME~1\Owner\LOCALS~1\Temp\ [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nosign_Dual]--a------ 2005-09-28 18:37 22016 C:\WINDOWS
osign.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]--a------ 2006-08-11 19:43 1519616 C:\WINDOWS\system32
wiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2004-06-03 21:05 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2007-06-27 18:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]--a------ 2007-10-22 09:02 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]--a------ 2007-10-22 09:13 9438488 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]--a------ 2007-10-16 08:26 1258248 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2007-02-13 12:29 35328 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]'SpybotSD TeaTimer'=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]'nwiz'=nwiz.exe /install R0 vtjomhnk;vtjomhnk;C:\WINDOWS\system32\drivers\yaoaymoi.dat []R1 NPPTNT;NPPTNT;C:\WINDOWS\System32
pptNT.sys [2003-07-22 00:14]R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 16:59]R3 DCamUSB20;Veo Web Camera;C:\WINDOWS\system32\Drivers\VeoMini20.sys [2002-11-06 12:31]R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet58lx.sys [2004-03-26 12:08]S3 OpenSSHd;OpenSSH Server;C:\Program Files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 05:11]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-07 04:22]S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys [2005-09-27 22:48]S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS
etusbxp.sys [2002-02-20 01:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d17a4a2d-7084-11dc-aa16-000c41e9c8a5}]\Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f588bcd3-8d4e-11db-a9cb-000c41e9c8a5}]\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe *Newly Created Service* - VTJOMHNK.Contents of the 'Scheduled Tasks' folder'2008-02-18 21:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job'- C:\Program Files\Apple Software Update\SoftwareUpdate.exe'2008-02-22 15:28:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job'- C:\Program Files\Windows Defender\MpCmdRun.exe'2008-02-22 05:31:00 C:\WINDOWS\Tasks\sshd.job'- C:\Documents and Settings\Owner\Desktop\sshd.bat.************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-22 09:33:57Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32
vsvc32.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Program Files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2008-02-22  9:37:10 - machine was rebootedComboFix-quarantined-files.txt  2008-02-22 15:37:06ComboFix2.txt  2008-02-22 03:12:36ComboFix3.txt  2008-02-20 21:47:06.2008-02-22 11:18:03 --- E O F ---

Virus & Spyware

Help with audiode.dll

Was this post helpful?