
Help, Vtstt.dll


  • This topic is locked
1 reply to this topic

#1 Lanzelot


Posted 08 March 2008 - 04:46 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:18 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {bfc61d7d-71f9-3a3a-9d24-e8b07e1c5b22} - {22b5c1e7-0b8e-42d9-a3a3-9f17d7d16cfb} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {643A678B-9231-46BF-84B2-A62B8AA4C128} - (no file)
O2 - BHO: (no name) - {6A11553E-7737-4DA8-8FFD-B6842B415702} - C:\WINDOWS\system32\awtuvus.dll
O2 - BHO: (no name) - {D9636CDB-268A-47D5-A2E7-6205DA247754} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: awtuvus - C:\WINDOWS\SYSTEM32\awtuvus.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5140 bytes


Last problem is the awtuvus.dll and winlog.
YAY I did it. TY SO MUCH for this forum.

Edited by Lanzelot, 08 March 2008 - 04:47 AM.




#2 Lanzelot


Posted 08 March 2008 - 06:08 AM

ComboFix 08-03-07.4 - Leo 2008-03-08 18:59:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.416 [GMT 8:00]
Running from: C:\Documents and Settings\Leo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Leo\My Documents\DASTRUC - DLSU\DASTRUC\LS Advance C\Desktop_.ini
C:\Documents and Settings\Leo\My Documents\DASTRUC - DLSU\DASTRUC\LS Advance C\PPT Presentations\Desktop_.ini
C:\mfcics\Desktop_.ini
C:\WINDOWS\BM2f8b3882.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtuvus.dll
C:\WINDOWS\system32\cgvxsfht.ini
C:\WINDOWS\system32\kthlewuv.ini
C:\WINDOWS\system32\pqtugkwm.ini
C:\WINDOWS\system32\racmkjkm.ini
C:\WINDOWS\system32\wcbwwtdv.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 18:49 . 2008-03-08 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-08 18:48 . 2008-03-08 18:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-08 18:48 . 2008-03-08 18:48 <DIR> d-------- C:\Program Files\Sun
2008-03-08 18:48 . 2008-03-08 18:58 <DIR> d-------- C:\Documents and Settings\Leo\Application Data\SUPERAntiSpyware.com
2008-03-08 18:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-08 18:45 . 2008-03-08 18:48 <DIR> d-------- C:\Program Files\Java
2008-03-08 18:44 . 2008-03-08 18:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-08 18:26 . 2008-03-08 18:26 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-08 00:48 . 2008-03-08 18:41 <DIR> d-------- C:\HJT
2008-03-08 00:42 . 2008-03-08 06:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-08 00:42 . 2008-03-08 06:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 00:24 . 2008-03-08 18:43 <DIR> d-------- C:\VundoFix Backups
2008-03-03 07:59 . 2008-03-03 07:59 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-02-27 23:46 . 2008-02-27 23:46 25,600 --a------ C:\WINDOWS\system32\winjyp32.dll
2008-02-26 23:38 . 2008-02-26 23:49 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-26 23:34 . 2008-02-26 23:34 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-02-26 23:34 . 2008-02-26 23:34 <DIR> d-------- C:\Program Files\MSECACHE
2008-02-26 20:12 . 2008-02-26 20:12 <DIR> d-------- C:\WINDOWS\Sun
2008-02-26 19:36 . 2008-02-26 19:36 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-26 19:36 . 2008-02-26 19:36 299,392 --a------ C:\WINDOWS\system32\imon.dll
2008-02-26 19:36 . 2008-02-26 19:36 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-26 19:35 . 2008-02-26 19:38 <DIR> d-------- C:\Program Files\ESET
2008-02-26 18:43 . 2008-02-26 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-23 21:39 . 2008-02-23 21:39 <DIR> d-------- C:\Documents and Settings\Leo\Application Data\InstallShield
2008-02-23 21:39 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2008-02-21 09:59 . 2008-02-21 16:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 23:22 . 2007-11-27 16:32 140,096 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-02-17 23:22 . 2007-11-27 16:32 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-17 20:36 . 2008-03-08 19:00 <DIR> d-------- C:\mfcics
2008-02-17 20:22 . 2008-02-17 20:22 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-16 19:22 . 2008-02-18 00:57 <DIR> d-------- C:\Documents and Settings\Leo\Application Data\Apple Computer
2008-02-16 19:21 . 2008-02-21 09:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-16 19:21 . 2008-02-16 19:21 <DIR> d-------- C:\Program Files\QuickTime
2008-02-16 19:21 . 2008-02-16 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 18:46 . 2008-02-09 18:52 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-02-09 18:46 . 2008-02-09 19:08 74,428 --a------ C:\WINDOWS\War3Unin.dat
2008-02-09 18:46 . 2008-02-09 18:52 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-02-09 18:11 . 2008-02-09 18:11 <DIR> d-------- C:\Program Files\Ocean Technologies & Media
2008-02-09 18:03 . 2008-03-07 21:38 <DIR> d-------- C:\Program Files\Warcraft III

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 12:50 --------- d-----w C:\Documents and Settings\Leo\Application Data\Ahead
2008-02-14 11:50 --------- d-----w C:\Documents and Settings\Leo\Application Data\Yahoo!
2008-02-03 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-03 09:51 --------- d-----w C:\Program Files\Yahoo!
2008-02-03 09:48 --------- d-----w C:\Program Files\Gravity
2008-02-03 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-03 08:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-03 07:54 --------- d-----w C:\Program Files\Microsoft Student
2008-02-03 07:52 --------- d-----w C:\Program Files\Learning Essentials
2008-02-03 07:45 --------- d-----w C:\Program Files\Realtek
2008-02-03 07:39 --------- d-----w C:\Program Files\Common Files\Office Genuine Advantage
2008-02-03 07:38 --------- d-----w C:\Program Files\Common Files\Windows Genuine Advantage
2008-02-03 07:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-03 07:33 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-03 07:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-03 07:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-03 07:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-03 07:17 --------- d-----w C:\Program Files\Nero
2008-02-03 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-03 06:59 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-03 06:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 06:45 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A11553E-7737-4DA8-8FFD-B6842B415702}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 07:00 8523776]
"nwiz"="nwiz.exe" [2007-11-07 07:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 07:00 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-26 19:36 950664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 19:02:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-03-08 19:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 11:03:45


SYSTEM IS NOW GOOD! THANKS TO THIS FORUM.



