
Please Help Me Fix My Computer It's Opening Pop-ups Over And Over


6 replies to this topic

#1 FixMyComputePlease
Posted 08 August 2007 - 06:44 AM

Hi, well I read the forum topic in which you helped a person get rid of the WAS7Mon virus. Well, I have the same problem and would appreciate the help. I got the virus from the WinAntiSpyware2007 program. I already removed WinAntiSpy by using Add or Remove Programs, but that didn't stop the popups. I went to the folder in which WAS7Mon was kept and I deleted the programs that were in with Was7Mon, but I couldn't delete the Was7Mon virus located in the folder. Oh yeah, the weird part about this is the WinAntiSpyware download came up by itself; I didn't even choose to download it. Umm, well that's pretty much my problem. Please help me, thanks for your time.

Here's my log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:27:26 AM, on 8/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\iyzzifx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\windows\system32\nkdsregn.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\pwinlodt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\DOBE~1\notepad.exe
C:\Program Files\Common Files\s?mbols\w?wexec.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ASUPSM\USB Phone\UPhone.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\THELEF~1\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [iyzzifxA] C:\WINDOWS\iyzzifxA.exe
O4 - HKLM\..\Run: [{46-68-80-02-ZN}] C:\windows\system32\nkdsregn.exe SKY009
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\pwinlodt.exe SKY009
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\DOBE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Yhycindh] "C:\Program Files\Common Files\s?mbols\w?wexec.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinlodt.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: USB Phone.lnk = C:\Program Files\ASUPSM\USB Phone\UPhone.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\iyzzifx.exe
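As an added example (not from this thread and not part of HijackThis), the Python below parses O4 and O23 lines in the format shown in the log above and flags the masquerading patterns a log reader looks for: the svhost/poolsv names one letter off from svchost/spoolsv, executables dropped straight into C:\WINDOWS, notepad.exe launched from a non-system folder, '?' characters standing in for non-ASCII look-alike path characters, and the long hex argument passed to retadpu77.exe. The heuristics, the SYSTEM_NAMES list and the sample entries copied from the log are assumptions of this example, not rules HijackThis applies.

```python
"""Parse HijackThis O4 (Run / Startup) and O23 (Service) lines and flag common
masquerading tricks. Added example: the scoring rules are the analyst's own,
not anything HijackThis computes."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: eight entries copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\DOBE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Yhycindh] "C:\Program Files\Common Files\s?mbols\w?wexec.exe"
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\iyzzifx.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<hive>.*?) - (?P<cmd>.*)$")
# The image path ends at the first executable-looking extension; the rest is arguments.
# (A "RunDll32 foo.cpl,Entry" value therefore yields "RunDll32 foo.cpl" as the path.)
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|scr|cpl|vbs|bat|dll))"?(?P<args>.*)$', re.IGNORECASE)

# Assumed list of well-known Windows binaries that malware likes to imitate.
SYSTEM_NAMES = ("svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "explorer.exe", "notepad.exe")
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")


@dataclass
class Entry:
    kind: str       # "Run", "Startup" or "Service"
    location: str   # registry hive, startup folder, or service owner
    name: str       # value name, .lnk name or service display name
    path: str       # image path as written in the log
    args: str       # command-line arguments, if any


def parse_line(line: str):
    """Return an Entry for a recognised O4/O23 line, else None."""
    for kind, rx in (("Run", RUN_RE), ("Startup", STARTUP_RE), ("Service", SERVICE_RE)):
        m = rx.match(line.strip())
        if m:
            exe = EXE_RE.match(m["cmd"])
            path = exe["path"] if exe else m["cmd"]
            args = exe["args"].strip() if exe else ""
            return Entry(kind, m["hive"], m["name"], path, args)
    return None


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-letter-off system process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(e: Entry) -> list[str]:
    """Heuristic findings for one autostart entry (empty list = nothing odd)."""
    flags = []
    base = ntpath.basename(e.path).lower()
    parent = ntpath.dirname(e.path).lower()
    if "?" in e.path:
        flags.append("non-ASCII look-alike characters in path (HijackThis prints them as '?')")
    if parent == SYSTEM_DIRS[0] and base not in SYSTEM_NAMES:
        flags.append("executable dropped directly in the Windows root")
    for legit in SYSTEM_NAMES:
        if 0 < edit_distance(base, legit) <= 2:
            flags.append(f"name mimics system process {legit}")
            break
    if base in SYSTEM_NAMES and parent and parent not in SYSTEM_DIRS:
        flags.append(f"system binary name running from {parent}")
    if re.fullmatch(r"[0-9A-Fa-f]{32,}", e.args):
        flags.append("long opaque hex argument")
    if e.kind == "Service" and e.location == "Unknown owner":
        flags.append("service has no publisher information (weak signal on its own)")
    return flags


def report(log_text: str) -> dict[str, list[str]]:
    """Map each parsed entry's name to its findings."""
    return {e.name: triage(e) for line in log_text.splitlines() if (e := parse_line(line))}


if __name__ == "__main__":
    for name, flags in report(SAMPLE_LOG).items():
        print(f"{name:<28} {'; '.join(flags) or 'nothing unusual'}")
```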


#2 RichieUK

Posted 08 August 2007 - 09:19 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, FixMyComputePlease.
My name is Richie and I'll be helping you to fix your problems.

First of all, you've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/
----------------------------------------
Please move HijackThis.exe to a permanent folder on the hard drive such as C:\HJT
Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.
If HijackThis is used from a temp folder it is in danger of being accidentally deleted by Disk Cleanup or similar tools.

How to create a new folder named HJT
1. Click Start/My Computer; in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.
----------------------------------------
Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
----------------------------------------
Now go to:
C:\HJT\HijackThis.exe
Right click on HijackThis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still HijackThis.exe), post that log into your next reply please.

#3 FixMyComputePlease


Posted 08 August 2007 - 09:59 AM

Well. Hello Richie. Well, I'm downloading the second virus protection right now.

#4 FixMyComputePlease


Posted 08 August 2007 - 10:09 AM

Ummmm. Richie? It's making my computer make random sounds and I'm hearing people talking like in a commercial, but there are no windows open besides the avast setup and this website. I think it's Borat..... Yeah, it turns on and off and different things play. It's scaring me.

#5 FixMyComputePlease


Posted 08 August 2007 - 10:36 AM

Yeah Richie, here's the Combofix log... I accidentally renamed both the HijackThis program and the log in confusion. Sorry.

ComboFix 07-08-08 - "THE LE FAMILY" 2007-08-08 11:17:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.152 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\smbols~1\w?wexec.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\021667CC
C:\Program Files\MyWebSearch\bar\Cache\02166982
C:\Program Files\MyWebSearch\bar\Cache\02166D4B.bin
C:\Program Files\MyWebSearch\bar\Cache\02167941.bin
C:\Program Files\MyWebSearch\bar\Cache\021679BE.bin
C:\Program Files\MyWebSearch\bar\Cache\02167A7A.bin
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\Windows Media Player\progycawuy.html
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\U.exe
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\DOWNLO~1.\xpreload.ocx
C:\WINDOWS\iyzzifx.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\A1\kmhp83122.exe
C:\WINDOWS\system32\awtqnop.dll
C:\WINDOWS\system32\cbxxwvt.dll
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\w71.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nkdsregn.exe
C:\WINDOWS\system32\npjud.dll
C:\WINDOWS\system32\qomnmnl.dll
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\rqrsrpo.dll
C:\WINDOWS\system32\ssqqpnn.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wnstsisv.exe
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z2
C:\WINDOWS\system32\Z2\x55.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\wbun.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\ApiMon
-------\Net Agent
-------\Windows Overlay Components


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 11:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 11:05 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-08 11:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-08 11:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-08 11:05 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-08 11:05 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-08 11:05 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-08 11:04 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-08 11:04 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-08 11:01 <DIR> d----c--- C:\HJT
2007-08-08 06:46 <DIR> dr-h-c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-08-08 06:46 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-08 06:46 <DIR> d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Yahoo!
2007-08-08 06:33 192,585 --a------ C:\WINDOWS\system32\pwinlodt.exe
2007-08-08 06:29 1,126,352 -r-hs---- C:\WINDOWS\iyzzifxA.exe
2007-08-01 21:22 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-01 21:21 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-08-01 21:20 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-08-01 21:20 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-08-01 21:20 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-08-01 21:20 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-08-01 21:20 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-08-01 21:20 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-08-01 19:31 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-01 19:30 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-01 09:58 <DIR> d-------- C:\Program Files\Xfire
2007-08-01 09:58 <DIR> d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Xfire
2007-08-01 07:06 <DIR> d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\InstallShield
2007-08-01 06:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-01 06:20 <DIR> d----c--- C:\NVIDIA
2007-08-01 06:19 <DIR> d----c--- C:\ATI
2007-07-26 23:30 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-26 23:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-07-26 23:29 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-26 23:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-26 14:35 <DIR> d-------- C:\Program Files\Nick Jr. Arcade
2007-07-26 08:46 <DIR> d-------- C:\Program Files\MAIET
2007-07-25 18:39 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-07-25 18:39 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-25 18:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-07-25 18:39 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-25 18:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-07-25 18:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-07-25 18:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-07-25 18:39 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-25 18:39 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-25 18:39 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-25 18:39 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-07-25 18:39 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-24 23:49 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-24 09:57 <DIR> d----c--- C:\Fraps
2007-07-23 01:31 <DIR> d-------- C:\Program Files\Logitech
2007-07-22 23:50 98,304 --a------ C:\WINDOWS\system32\cmudau.dll
2007-07-22 23:50 917,504 --a------ C:\WINDOWS\system\cmds3du.dll
2007-07-22 23:50 712,704 --a------ C:\WINDOWS\system32\a3dpropu.dll
2007-07-22 23:50 61,440 --a------ C:\WINDOWS\system\cmsnxeye.exe
2007-07-22 23:50 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-07-22 23:50 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-22 23:50 45,056 --a------ C:\WINDOWS\system32\cmdrvrmu.dll
2007-07-22 23:50 40,960 --a------ C:\WINDOWS\CmiUSB2Uninstall.exe
2007-07-22 23:50 315,392 --a------ C:\WINDOWS\system\cmifltr.dll
2007-07-22 23:50 241,664 --a------ C:\WINDOWS\system32\cmdrvrmu.exe
2007-07-22 23:50 16,384 --a------ C:\WINDOWS\system32\cmpropu.dll
2007-07-22 23:50 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-07-22 23:50 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-22 23:50 1,390,656 --a------ C:\WINDOWS\system32\drivers\cmudaxu.sys
2007-07-22 23:50 <DIR> d-------- C:\Program Files\USB Audio
2007-07-22 23:49 <DIR> d-------- C:\Program Files\ASUPSM
2007-07-22 22:50 56,832 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-07-22 22:50 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-22 22:49 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-07-22 21:02 <DIR> d-------- C:\Program Files\Funk Software
2007-07-22 21:02 <DIR> d-------- C:\Program Files\Common Files\Funk Software
2007-07-20 21:54 <DIR> d-------- C:\Program Files\WarRock
2007-07-19 08:17 <DIR> d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Leadertech
2007-07-18 01:08 <DIR> d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Skype
2007-07-18 01:07 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-18 01:07 <DIR> d-------- C:\Program Files\Skype
2007-07-17 13:41 3,407,872 --a------ C:\DOCUME~1\THELEF~1\ntuser.dat
2007-07-17 08:26 <DIR> d-------- C:\WINDOWS\.jagex_cache_34
2007-07-12 19:46 <DIR> d-------- C:\Program Files\Bots
2007-07-12 03:12 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 06:46 --------- d-------- C:\Program Files\Yahoo!
2007-08-03 12:40 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-01 21:21 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-22 22:49 --------- d-------- C:\Program Files\Google
2007-07-20 21:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 08:11 --------- d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Google
2007-07-18 13:28 --------- d-------- C:\Program Files\Encarta Online
2007-07-17 13:41 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-07 05:31 --------- d-------- C:\Program Files\Sony
2007-07-06 12:13 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-06 09:44 --------- d-------- C:\Program Files\SCAR 2.03
2007-07-06 05:58 --------- d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\WinRAR
2007-07-05 06:56 --------- d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Viewpoint
2007-07-02 13:28 --------- d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Real
2007-06-29 12:26 --------- d-------- C:\Program Files\Linksys
2007-06-18 14:11 --------- d-------- C:\DOCUME~1\THELEF~1\APPLIC~1\Roxio
2007-06-18 14:07 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-06-18 13:59 --------- d-------- C:\Program Files\Roxio


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-01 00:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 14:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 14:11]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZZZ"="C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe" [2003-01-21 13:27]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-03-17 14:52]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 15:50]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 15:59 C:\WINDOWS\AGRSMMSG.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 00:01]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 11:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2002-11-15 17:54]
"NWEReboot"="" []
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-28 03:39]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"CmUsbSound"="cmcnfgu.cpl" []
"svhost"="C:\WINDOWS\svhost.exe" []
"iyzzifxA"="C:\WINDOWS\iyzzifxA.exe" [1989-12-12 10:10]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-02-08 12:50]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"Iinl"="C:\WINDOWS\DOBE~1\notepad.exe" []
"Yhycindh"="C:\Program Files\Common Files\s?mbols\w?wexec.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 18:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\Quicken\billmind.exe [2002-09-20 15:19:46]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 15:20:02]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2002-09-20 15:20:06]
USB Phone.lnk - C:\Program Files\ASUPSM\USB Phone\UPhone.exe [2007-07-22 23:49:50]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe [2007-06-29 12:26:16]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\progycawuy.html
FriendlyName=

R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\System32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
R1 DMICall;Sony DMI Call service;C:\WINDOWS\System32\DRIVERS\DMICall.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\System32\drivers\pwd_2k.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\System32\drivers\UDFReadr.sys
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\CBTNDIS5.SYS
R3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\System32\drivers\cmudaxu.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
R3 IPN2120;Wireless-B PCI Adapter Driver;C:\WINDOWS\System32\DRIVERS\LSIPNDS.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\System32\DRIVERS\odysseyIM3.sys
S3 ATWPKT2;ATWPKT2;\??\C:\Program Files\America Online 8.0\ATWPKT2.SYS
S3 EagleNT;EagleNT;\??\C:\WINDOWS\System32\drivers\EagleNT.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
S3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\System32\DRIVERS\smrt.sys
S3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS
S3 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP);"C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"
S3 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP);C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys
S3 XDva019;XDva019;\??\C:\WINDOWS\System32\XDva019.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

Contents of the 'Scheduled Tasks' folder
2007-05-31 00:05:00 C:\WINDOWS\Tasks\Registration reminder 1.job - C:\WINDOWS\System32\OOBE\oobebaln.exe
2007-06-04 14:35:00 C:\WINDOWS\Tasks\Registration reminder 2.job
2007-06-15 03:50:10 C:\WINDOWS\Tasks\Registration reminder 3.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 11:22:44
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\XP\23]
"DisplayName"="\x3e98\23\x40d0\23"
"DeviceDesc"="\x3e98\23\x40d0\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x5058\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"er\xp_inf\cx_08174.inf"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 11:26:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 11:26

--- E O F ---

And here is the Hijackthis log you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 7:27:26 AM, on 8/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\iyzzifx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\windows\system32\nkdsregn.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\pwinlodt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\DOBE~1\notepad.exe
C:\Program Files\Common Files\s?mbols\w?wexec.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ASUPSM\USB Phone\UPhone.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\THELEF~1\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [iyzzifxA] C:\WINDOWS\iyzzifxA.exe
O4 - HKLM\..\Run: [{46-68-80-02-ZN}] C:\windows\system32\nkdsregn.exe SKY009
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\pwinlodt.exe SKY009
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\DOBE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Yhycindh] "C:\Program Files\Common Files\s?mbols\w?wexec.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinlodt.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: USB Phone.lnk = C:\Program Files\ASUPSM\USB Phone\UPhone.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\iyzzifx.exe
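The helpers in this thread read a log like the one above by eye. As an added example, not part of any post here and not a BleepingComputer or HijackThis tool, the Python script below parses the O4 (Run) and O23 (Service) lines of the HijackThis format and flags the patterns that stand out in this particular log: a name one character away from a core Windows process (svhost vs svchost, poolsv vs spoolsv), a "?" in a path where HijackThis could not print a character, a system utility launched from an odd 8.3 directory, a long opaque hex argument, an executable sitting in the Windows root, and a service with no publisher. The sample lines are copied from the log posted above; the flag names, thresholds and name lists are my own choices, and a flag is a hint for review, not a verdict.

```python
"""Heuristic triage of HijackThis O4 (Run) and O23 (Service) lines.

Added example, not a BleepingComputer or HijackThis tool. Flags are hints for
an analyst to review first, not verdicts on the entry.
"""
import re
from dataclasses import dataclass, field

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\DOBE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Yhycindh] "C:\Program Files\Common Files\s?mbols\w?wexec.exe"
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\iyzzifx.exe
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
SVC_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$')
# First quoted or unquoted token that ends in an executable extension.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|cmd|bat|vbs|scr|dll|cpl))"?(?=\s|$)', re.I)
HEX_ARG_RE = re.compile(r'\b[0-9A-Fa-f]{32,}\b')

# Core Windows process names that look-alike binaries imitate (my own list).
SYSTEM_PROCESSES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe",
                    "winlogon.exe", "csrss.exe", "smss.exe", "explorer.exe"}
# Utilities that normally live only under the Windows directory (my own list).
SYSTEM_UTILITIES = {"notepad.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit is the classic svhost/svchost trick."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Entry:
    kind: str                 # "Run" or "Service"
    label: str                # hive + value name, or the service name
    cmd: str                  # command line exactly as HijackThis printed it
    path: str                 # executable extracted from cmd
    owner: str = ""           # O23 publisher column; empty for O4 entries
    flags: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    m = PATH_RE.match(cmd.strip())
    if m:
        return m["path"]
    parts = cmd.split()
    return parts[0] if parts else ""


def parse_line(line: str):
    m = RUN_RE.match(line)
    if m:
        return Entry("Run", f'{m["hive"]}\\Run [{m["name"]}]', m["cmd"], extract_path(m["cmd"]))
    m = SVC_RE.match(line)
    if m:
        return Entry("Service", m["name"], m["cmd"], extract_path(m["cmd"]), m["owner"])
    return None  # other sections (R0/R1, O3, O16, ...) are not handled here


def triage(entry: Entry) -> Entry:
    p = entry.path.lower()
    directory, _, name = p.rpartition("\\")
    directory += "\\" if directory else ""
    if "?" in p:
        entry.flags.append("'?' in path: HijackThis prints a character it cannot show, a look-alike name trick")
    if not directory:
        entry.flags.append("bare file name: resolved through the search path, not tied to one location")
    if directory == "c:\\windows\\":
        entry.flags.append("executable sits directly in the Windows root, where few startup items belong")
    if name in SYSTEM_UTILITIES and directory not in SYSTEM_DIRS:
        entry.flags.append(f"system utility {name} launched from a non-system directory")
    for sysname in sorted(SYSTEM_PROCESSES):
        if name != sysname and edit_distance(name, sysname) <= 1:
            entry.flags.append(f"name is one edit away from the system process {sysname}")
    if HEX_ARG_RE.search(entry.cmd):
        entry.flags.append("long opaque hex argument on the command line")
    if entry.kind == "Service" and entry.owner == "Unknown owner":
        entry.flags.append("service has no publisher information; verify the binary")
    return entry


def triage_log(text: str) -> list:
    """Parse every O4/O23 line in text and return the triaged entries in order."""
    return [triage(e) for e in map(parse_line, text.strip().splitlines()) if e is not None]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{'REVIEW' if e.flags else 'ok':6} {e.kind:7} {e.label}: {e.path}")
        for f in e.flags:
            print(f"         - {f}")
```

Run it with a full HijackThis log on stdin or pasted into SAMPLE_LOG and read the REVIEW lines first; the legitimate Intel, Skype and Google entries in the sample come out clean, while every flagged entry in the sample is one the thread's helper also singled out for removal.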

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 09 August 2007 - 02:08 AM

Please follow my instructions exactly in the order they're posted, or we'll both be wasting our time.

(1.) Download/install one of the following freeware antivirus programs.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

------------------------------------------

(2.) Download SmitfraudFix (by S!Ri) to your desktop.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraudfix report into your next reply.

------------------------------------------

(3.) Double click on Combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Also post a new Hijackthis log.

Edited by RichieUK, 09 August 2007 - 02:09 AM.


#7 FixMyComputePlease

FixMyComputePlease
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:24 AM

Posted 09 August 2007 - 08:57 AM

Thanks Richie, but my dad fixed it. Thanks for all the help though :thumbsup:
