hijack this scan

Jacknife

New Member
Been having some spyware problems; the spyware remover programs detect them and say they removed them, but they are back every scan. Also have a pop-up problem with IE pop-ups that get by the few pop-up blockers. Anything need to be removed? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:22 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\qwerty12.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svdhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\kxgfvutn.dll",realset
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184294476625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1184534524734
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 5280 bytes
I see nothing wrong there in the running processes except lsass and a whole lot of svchost running (correct me, anyone!!)

I suggest you stop using Spyware Doctor and get proper protection like AVG or Avira.
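Reading a HijackThis log by hand means scanning the O4 (autostart) and O23 (service) lines for a few tell-tale shapes. The script below is an added example for this thread, not code from HijackThis, ComboFix or any poster: it parses those two line types and flags an autostart given as a bare filename (resolved through the search path rather than a full path), a binary whose name is one edit away from a core Windows process (svdhost.exe next to svchost.exe), rundll32 loading a DLL with a random-looking name, and a service whose publisher field is empty. The sample lines are copied from the log above; the core-process list, the vowel-count "random-looking" test and the one-edit threshold are assumptions chosen for the example. A bare filename alone is a weak signal (the nwiz.exe and ALCXMNTR.EXE entries trigger it too), so the number of signals on one line is what deserves attention.

```python
"""Heuristic triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread; not code from HijackThis, ComboFix or any
poster. The core-process list, the vowel-count randomness test and the
one-edit lookalike threshold are assumptions chosen for the example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Core Windows process names that a lookalike would imitate (assumed list).
CORE_NAMES = {"svchost", "lsass", "csrss", "smss", "winlogon", "services",
              "spoolsv", "explorer", "wuauclt", "rundll32"}

# O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
# O23 - Service: display name - publisher - path  (an empty publisher appears as "name - - path")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) ?- (.*)$")
# A quoted path, or else the shortest prefix that ends in an executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr))(?:\s|$)', re.IGNORECASE)
DLL_RE = re.compile(r'"?([^",]+\.dll)"?', re.IGNORECASE)

# Sample lines copied from the HijackThis log posted above (constructed input set).
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r"O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r"O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe",
    r'O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\kxgfvutn.dll",realset',
    r"O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe",
    r"O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
    r"O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe",
    r"O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
]


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalikes of core process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd: str) -> str:
    """Executable part of a Run value; unquoted paths with spaces are read up to the first .exe."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0] if cmd else ""


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def stem(path: str) -> str:
    return basename(path).lower().rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    """Crude assumption: six or more letters with at most one vowel reads as generated."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in "aeiou" for c in letters) <= 1


def lookalike_of(name_stem: str) -> Optional[str]:
    """Core process name within one edit of name_stem, unless name_stem is itself a core name."""
    if name_stem in CORE_NAMES:
        return None
    for core in sorted(CORE_NAMES):
        if edit_distance(name_stem, core) == 1:
            return core
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per line that trips at least one heuristic; other lines are ignored."""
    findings = []
    for line in lines:
        reasons: List[str] = []
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            cmd = m4.group(4)
            exe = executable_of(cmd)
            if "\\" not in exe:
                reasons.append(f"bare filename '{exe}' is resolved through the search path, not a full path")
            core = lookalike_of(stem(exe))
            if core:
                reasons.append(f"'{basename(exe)}' is one edit away from core process '{core}.exe'")
            if stem(exe) == "rundll32":
                dll = DLL_RE.search(cmd)
                if dll and looks_random(stem(dll.group(1))):
                    reasons.append(f"rundll32 loads DLL with random-looking name '{basename(dll.group(1))}'")
        elif m23:
            _display, publisher, path = m23.groups()
            if not publisher.strip():
                reasons.append("service has no publisher")
            if looks_random(stem(path)):
                reasons.append(f"service binary has random-looking name '{basename(path)}'")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    # Lines with the most signals first; single-signal lines are the weak ones.
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: -len(f.reasons)):
        print(f"[{len(f.reasons)}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it as-is and the two `svdhost.exe` entries, the `rundll32` line and the `DomainService` service each come out with two signals, while `nwiz.exe` and `ALCXMNTR.EXE` show only the bare-filename signal; the HP, Spyware Doctor, NVIDIA and Startup-folder lines produce nothing. The O23 pattern relies on HijackThis's `name - publisher - path` layout, so a display name that itself contains ` - ` would split in the wrong place.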
 
C:\WINDOWS\ALCXMNTR.EXE
This is a nasty process! You should fix it and try to delete it manually!
Realtek AC97 Audio - Event Monitor. Spyware file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers.
 
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Then rename Hijackthis.exe to [something random].exe and post a new log.
 
Here is the combofix log:

C:\WINDOWS\system32\ljjkiff.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\acdqgkkk.dll
C:\WINDOWS\system32\ajprnxli.dll
C:\WINDOWS\system32\arrdlayj.dll
C:\WINDOWS\system32\avowpafm.dll
C:\WINDOWS\system32\blfjllci.dll
C:\WINDOWS\system32\bpdlmhdm.dll
C:\WINDOWS\system32\ddcabca.dll
C:\WINDOWS\system32\dfokqptd.dll
C:\WINDOWS\system32\dndunyxj.dll
C:\WINDOWS\system32\dpubgipi.dll
C:\WINDOWS\system32\dvfixxue.dll
C:\WINDOWS\system32\ehiedwdw.dll
C:\WINDOWS\system32\epcygyxg.dll
C:\WINDOWS\system32\fvabluas.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\gtfsloyk.dll
C:\WINDOWS\system32\hjcanjdm.dll
C:\WINDOWS\system32\httdrrhl.dll
C:\WINDOWS\system32\jfsqcsrh.dll
C:\WINDOWS\system32\jvqdltax.dll
C:\WINDOWS\system32\kjeituyk.dll
C:\WINDOWS\system32\kjqhreyx.dll
C:\WINDOWS\system32\nvjnjkmo.dll
C:\WINDOWS\system32\pomfgypf.dll
C:\WINDOWS\system32\qenyfggp.dll
C:\WINDOWS\system32\rjgssumw.dll
C:\WINDOWS\system32\siqhisiy.dll
C:\WINDOWS\system32\taykmlwi.dll
C:\WINDOWS\system32\tkwwrryg.dll
C:\WINDOWS\system32\tqvjvjip.dll
C:\WINDOWS\system32\uewjhfut.dll
C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\xufocnga.dll
C:\WINDOWS\system32\mbvqhqdv.exe
C:\WINDOWS\system32\hfsvrujq.exe
C:\WINDOWS\system32\inpdwkgm.exe
C:\WINDOWS\system32\jnwdfygf.exe
C:\WINDOWS\system32\jxkwgdxd.exe
C:\WINDOWS\system32\kodsmghq.exe
C:\WINDOWS\system32\lqvclyca.exe
C:\WINDOWS\system32\naacwypn.exe
C:\WINDOWS\system32\ogywyinb.exe
C:\WINDOWS\system32\oujsfveu.exe
C:\WINDOWS\system32\qfupkkpk.exe
C:\WINDOWS\system32\sofxfemb.exe
C:\WINDOWS\system32\tduixqfj.exe
C:\WINDOWS\system32\tixwpjgn.exe
C:\WINDOWS\system32\wqnhtyhf.exe
C:\WINDOWS\system32\wugxhptk.exe
C:\WINDOWS\system32\wyeuentg.exe
C:\WINDOWS\system32\agepmdby.dll
C:\WINDOWS\system32\cotauyno.dll
C:\WINDOWS\system32\dcleoprn.dll
C:\WINDOWS\system32\dgvswmcb.dll
C:\WINDOWS\system32\dihoxnfk.dll
C:\WINDOWS\system32\dlhifrhh.dll
C:\WINDOWS\system32\eginyshj.dll
C:\WINDOWS\system32\egqnjogf.dll
C:\WINDOWS\system32\krxpocfb.dll
C:\WINDOWS\system32\sxtepoxb.dll
C:\WINDOWS\system32\tgtmmsqq.dll
C:\WINDOWS\system32\txobnitt.dll
C:\WINDOWS\system32\vkyabcpl.dll
C:\WINDOWS\system32\youelisa.dll
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\ilxnrpja.ini
C:\WINDOWS\system32\jyaldrra.ini
C:\WINDOWS\system32\mfapwova.ini
C:\WINDOWS\system32\mdhmldpb.ini
C:\WINDOWS\system32\euxxifvd.ini
C:\WINDOWS\system32\gxygycpe.ini
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\lhrrdtth.ini
C:\WINDOWS\system32\hrscqsfj.ini
C:\WINDOWS\system32\kyutiejk.ini
C:\WINDOWS\system32\xyerhqjk.ini
C:\WINDOWS\system32\omkjnjvn.ini
C:\WINDOWS\system32\iwlmkyat.ini
C:\WINDOWS\system32\gyrrwwkt.ini
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\prqss.tmp
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\prqss.tmp
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\iiffggd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\bar.exe
C:\WINDOWS\system32\_003592_.tmp.dll
C:\WINDOWS\system32\_003756_.tmp.dll
C:\WINDOWS\system32\_003757_.tmp.dll
C:\WINDOWS\system32\_003758_.tmp.dll
C:\WINDOWS\system32\_003759_.tmp.dll
C:\WINDOWS\system32\_003766_.tmp.dll
C:\WINDOWS\system32\_003767_.tmp.dll
C:\WINDOWS\system32\_003768_.tmp.dll
C:\WINDOWS\system32\_003769_.tmp.dll
C:\WINDOWS\system32\_003775_.tmp.dll
C:\WINDOWS\system32\_003777_.tmp.dll
C:\WINDOWS\system32\_003783_.tmp.dll
C:\WINDOWS\system32\_003784_.tmp.dll
C:\WINDOWS\system32\_003786_.tmp.dll
C:\WINDOWS\system32\_003787_.tmp.dll
C:\WINDOWS\system32\_003788_.tmp.dll
C:\WINDOWS\system32\_003790_.tmp.dll
C:\WINDOWS\system32\_003791_.tmp.dll
C:\WINDOWS\system32\_003793_.tmp.dll
C:\WINDOWS\system32\_003797_.tmp.dll
C:\WINDOWS\system32\_003798_.tmp.dll
C:\WINDOWS\system32\_003800_.tmp.dll
C:\WINDOWS\system32\_003803_.tmp.dll
C:\WINDOWS\system32\_003805_.tmp.dll
C:\WINDOWS\system32\_003807_.tmp.dll
C:\WINDOWS\system32\_003808_.tmp.dll
C:\WINDOWS\system32\_003809_.tmp.dll
C:\WINDOWS\system32\_003810_.tmp.dll
C:\WINDOWS\system32\_003813_.tmp.dll
C:\WINDOWS\system32\_003815_.tmp.dll
C:\WINDOWS\system32\_003816_.tmp.dll
C:\WINDOWS\system32\_003817_.tmp.dll
C:\WINDOWS\system32\_003825_.tmp.dll
C:\WINDOWS\system32\ayomoysv.exe
C:\WINDOWS\system32\bpdmppem.exe
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\cpeadmob.exe
C:\WINDOWS\system32\cvgwvtjy.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dwbwtbhe.exe
C:\WINDOWS\system32\ehnyrews.exe
C:\WINDOWS\system32\ekswhley.exe
C:\WINDOWS\system32\etdgvesi.exe
C:\WINDOWS\system32\fhdexfes.exe
C:\WINDOWS\system32\fmksopei.exe
C:\WINDOWS\system32\gpmugjub.exe
C:\WINDOWS\system32\gwlgegma.exe
C:\WINDOWS\system32\hbeltwox.exe
C:\WINDOWS\system32\hpexlsai.exe
C:\WINDOWS\system32\htntxgna.exe
C:\WINDOWS\system32\jaqfebtp.exe
C:\WINDOWS\system32\jycatmpa.exe
C:\WINDOWS\system32\kmhssrpy.exe
C:\WINDOWS\system32\lcewjcsd.exe
C:\WINDOWS\system32\ldajjyhu.exe
C:\WINDOWS\system32\miwrtuep.exe
C:\WINDOWS\system32\mqrjngkm.exe
C:\WINDOWS\system32\nhaaqqgg.exe
C:\WINDOWS\system32\nrallyhr.exe
C:\WINDOWS\system32\ofurvwxh.exe
C:\WINDOWS\system32\owxqfdpt.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pbstjdyo.exe
C:\WINDOWS\system32\pcvnpekd.exe
C:\WINDOWS\system32\plhcnogp.exe
C:\WINDOWS\system32\pnqmjnkd.exe
C:\WINDOWS\system32\qbgnnrxc.exe
C:\WINDOWS\system32\qhnuhyxw.exe
C:\WINDOWS\system32\rcdudeku.exe
C:\WINDOWS\system32\rnrqvyvy.exe
C:\WINDOWS\system32\ryuacqkg.exe
C:\WINDOWS\system32\sfvnmjge.exe
C:\WINDOWS\system32\skmknmhq.exe
C:\WINDOWS\system32\smsrqcuj.exe
C:\WINDOWS\system32\splrmapg.exe
C:\WINDOWS\system32\ssubbvhl.exe
C:\WINDOWS\system32\tgsgqway.exe
C:\WINDOWS\system32\tpephdxq.exe
C:\WINDOWS\system32\tsdvcuoq.exe
C:\WINDOWS\system32\ufjiqkia.exe
C:\WINDOWS\system32\vqhttlvn.exe
C:\WINDOWS\system32\vsmngvoi.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xdsvmmxm.exe
C:\WINDOWS\system32\xlswfqii.exe
C:\WINDOWS\system32\ybjqucnk.exe
C:\WINDOWS\system32\yqjsdqtp.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


2007-07-16 13:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 12:54 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-16 01:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-07-15 19:48 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-07-15 19:40 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-07-15 12:45 765,952 --a------ C:\WINDOWS\system32\svdhost.exe
2007-07-14 23:20 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-14 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-13 23:48 <DIR> d-------- C:\WINDOWS\provisioning
2007-07-13 23:48 <DIR> d-------- C:\WINDOWS\peernet
2007-07-13 23:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-07-13 23:31 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2007-07-13 23:19 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll
2007-07-13 23:19 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2007-07-13 23:19 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-07-13 23:19 370,560 --a------ C:\WINDOWS\system32\s3gnb.dll
2007-07-13 23:19 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2007-07-13 23:19 32,512 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-13 23:19 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-07-13 23:19 3,584 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-07-13 23:19 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-07-13 23:19 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll
2007-07-13 23:19 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-07-13 23:19 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll
2007-07-13 23:19 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-07-13 23:19 167,936 --a------ C:\WINDOWS\system32\wmerror.dll
2007-07-13 23:19 159,232 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-07-13 23:19 159,104 --a------ C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-07-13 23:19 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2007-07-13 23:19 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-07-13 23:19 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-07-13 23:19 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-07-13 23:18 993,546 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-07-13 23:18 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-07-13 23:18 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-07-13 23:18 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-07-13 23:18 403,456 --a------ C:\WINDOWS\system32\winbrand.dll
2007-07-13 23:18 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-07-13 23:18 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-07-13 23:18 3,543,674 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-07-13 23:18 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2007-07-13 23:18 218,112 --a------ C:\WINDOWS\system32\sbe.dll
2007-07-13 23:18 187,904 --a------ C:\WINDOWS\system32\xpsp1res.dll
2007-07-13 23:18 172,032 --a------ C:\WINDOWS\system32\mssap.dll
2007-07-13 23:18 155,648 --a------ C:\WINDOWS\system32\encdec.dll
2007-07-13 23:18 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-07-13 23:18 110,080 --a------ C:\WINDOWS\system32\sbeio.dll
2007-07-13 23:18 11,776 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-13 23:15 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-07-13 23:15 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll
2007-07-13 23:15 95,232 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-07-13 23:15 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2007-07-13 23:15 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-07-13 23:15 80,384 --a------ C:\WINDOWS\system32\cabview.dll
2007-07-13 23:15 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2007-07-13 23:15 77,824 --a------ C:\WINDOWS\system32\asycfilt.dll
2007-07-13 23:15 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2007-07-13 23:15 74,810 --a------ C:\WINDOWS\system32\atl.dll
2007-07-13 23:15 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2007-07-13 23:15 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2007-07-13 23:15 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-07-13 23:15 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2007-07-13 23:15 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-07-13 23:15 61,440 --a------ C:\WINDOWS\system32\cleanmgr.exe
2007-07-13 23:15 6,656 --a------ C:\WINDOWS\system32\batt.dll
2007-07-13 23:15 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2007-07-13 23:15 581,632 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-07-13 23:15 57,344 --a------ C:\WINDOWS\system32\admparse.dll
2007-07-13 23:15 558,592 --a------ C:\WINDOWS\system32\autofmt.exe
2007-07-13 23:15 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2007-07-13 23:15 53,760 --a------ C:\WINDOWS\system32\authz.dll
2007-07-13 23:15 5,120 --a------ C:\WINDOWS\system32\cisvc.exe
2007-07-13 23:15 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2007-07-13 23:15 497,152 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-07-13 23:15 49,152 --a------ C:\WINDOWS\system32\browser.dll
2007-07-13 23:15 46,592 --a------ C:\WINDOWS\twain_32.dll
2007-07-13 23:15 45,632 --a------ C:\WINDOWS\system32\cliconfg.exe
2007-07-13 23:15 45,056 --a------ C:\WINDOWS\system32\camocx.dll
2007-07-13 23:15 44,032 --a------ C:\WINDOWS\system32\basesrv.dll
2007-07-13 23:15 436,736 --a------ C:\WINDOWS\system32\certmgr.dll
2007-07-13 23:15 41,984 --a------ C:\WINDOWS\system32\alg.exe
2007-07-13 23:15 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2007-07-13 23:15 4,096 --a------ C:\WINDOWS\system32\actmovie.exe
2007-07-13 23:15 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2007-07-13 23:15 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-07-13 23:15 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-07-13 23:15 30,720 --a------ C:\WINDOWS\system32\clipsrv.exe
2007-07-13 23:15 272,768 --a------ C:\WINDOWS\system32\atmfd.dll
2007-07-13 23:15 27,136 --a------ C:\WINDOWS\system32\batmeter.dll
2007-07-13 23:15 27,136 --a------ C:\WINDOWS\system32\atmlib.dll
2007-07-13 23:15 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-07-13 23:15 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2007-07-13 23:15 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-07-13 23:15 220,672 --a------ C:\WINDOWS\system32\catsrv.dll
2007-07-13 23:15 22,528 --a------ C:\WINDOWS\system32\at.exe
2007-07-13 23:15 2,025,984 --a------ C:\WINDOWS\system32\cdosys.dll
2007-07-13 23:15 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2007-07-13 23:15 181,760 --a------ C:\WINDOWS\system32\activeds.dll
2007-07-13 23:15 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
2007-07-13 23:15 179,200 --a------ C:\WINDOWS\system32\accwiz.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 06:49:41 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-15 23:15:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-15 23:13:33 -------- d-----w C:\Program Files\Symantec
2007-07-15 22:54:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-15 22:45:09 10,316 ----a-w C:\WINDOWS\freedom.backup.dat
2007-07-15 03:28:07 -------- d-----w C:\Program Files\QuickTime
2007-07-14 20:37:25 -------- d-----w C:\Program Files\Messenger
2007-07-14 20:29:31 -------- d-----w C:\Program Files\Windows NT
2007-07-14 20:29:25 -------- d-----w C:\Program Files\Movie Maker
2007-07-13 23:14:48 -------- d-----w C:\Program Files\AWS
2007-07-13 22:17:16 -------- d-----w C:\Program Files\Corel
2007-07-13 22:11:30 -------- d-----w C:\Program Files\Quicken
2007-07-13 21:58:53 -------- d-----w C:\Program Files\Hewlett-Packard
2007-07-13 02:42:45 -------- d--h--w C:\Program Files\WindowsUpdate
2007-07-12 19:09:01 -------- d-----w C:\Program Files\Spyware Doctor
2007-07-12 08:36:15 3,854 --sha-r C:\WINDOWS\system32\drivers\HP_DF221A-ABA 325C_YC_Pavi_QMX3100_E32NAheBLU3 _4_IMS-6390_SMICRO-STAR INTERNATIONAL CO., LTD_V3.0_B3.03_T030124_WXH1_L409_M512_J60_7AMD_8Athlon XP 2400+_92_1_N_P_Z_K_A_U11063038_G10390330.MRK
2007-07-10 20:05:59 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3965.sys
2007-07-09 07:52:35 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-21 21:01:05 -------- d-----w C:\Program Files\SequBeat 7
2007-06-16 18:24:20 -------- d-----w C:\Program Files\DivX
2007-06-14 20:48:19 -------- d-----w C:\Program Files\Last.fm
2007-06-10 20:36:43 6,010,424 ----a-w C:\Program Files\Firefox Setup 2.0.0.4.exe
2007-06-09 18:10:50 684 ----a-w C:\WINDOWS\mozver.dat
2007-06-08 17:04:01 8,192 ----a-w C:\WINDOWS\system32\j0271837.exe
2007-06-08 17:04:00 13,844 ----a-w C:\WINDOWS\system32\uxxlomxe.exe
2007-06-08 16:20:53 1,836,427 --sh--w C:\WINDOWS\system32\srqss.bak2
2007-06-07 22:12:18 -------- d-----w C:\Program Files\MSN Messenger
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-18 20:36:45 -------- d-----w C:\Program Files\PowerISO
2007-05-17 22:48:29 -------- d-----w C:\Program Files\Waves
2007-05-17 22:47:46 -------- d-----w C:\Program Files\EA SPORTS
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-07 21:37:47 871,415 -c--a-w C:\Program Files\PowerISO36.exe
2007-04-07 21:37:00 293,675 -c--a-w C:\Program Files\poweriso-1.1.tar.gz
2007-04-07 20:32:31 16,114 -c--a-w C:\Program Files\[isoHunt] Sega_Genesis_640_Roms_plus_Emulator.zip.3628126.TPB.torrent
2007-04-07 20:31:28 13,924 -c--a-w C:\Program Files\[isoHunt] 3539 NES-ROMS and Emulator.torrent
2007-04-07 15:52:31 6,006,832 -c--a-w C:\Program Files\Firefox Setup 2[1].0.0.3.exe
2006-04-10 01:40:30 8,192 -c--a-w C:\Program Files\Armory Sth C
2005-12-05 23:28:30 3,673,932 -c----w C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-12-05 23:28:04 1,358,864 -c----w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-05 23:28:02 86,925 -c----w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-05 23:28:02 46,247 -c----w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-05 23:28:02 41,888 -c----w C:\Program Files\dxdllreg_x86.cab
2005-12-05 23:28:00 916,806 -c----w C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-05 23:27:58 1,080,344 -c----w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-12-05 23:00:46 81,092 -c----w C:\Program Files\dxupdate.cab
2005-12-05 23:00:46 74,448 -c----w C:\Program Files\DSETUP.dll
2005-12-05 23:00:46 484,560 -c----w C:\Program Files\DXSETUP.exe
2005-12-05 23:00:46 2,247,888 -c----w C:\Program Files\dsetup32.dll
2005-12-05 23:00:44 1,351,430 -c----w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-12-05 23:00:44 1,348,242 -c----w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-12-05 23:00:44 1,336,890 -c----w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-12-05 23:00:44 1,248,387 -c----w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-12-05 23:00:44 1,079,850 -c----w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-12-05 23:00:44 1,078,532 -c----w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-12-05 23:00:44 1,065,813 -c----w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-12-05 23:00:44 1,014,113 -c----w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2004-09-15 22:16:11 73,728 -c--a-w C:\Program Files\Setup.exe
2004-07-22 14:51:34 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58:36 1,156,363 -c--a-w C:\Program Files\BDANT.cab
2004-07-20 02:53:26 976,020 -c--a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17:16 13,265,040 -c--a-w C:\Program Files\dxnt.cab
2004-07-09 13:13:48 15,493,481 -c--a-w C:\Program Files\DirectX.cab
2004-07-09 13:13:46 703,080 -c--a-w C:\Program Files\BDA.cab
2004-01-09 08:28:15 2,000,324 -c--a-w C:\Program Files\cdex_151.exe
2003-09-01 02:00:19 3,120,360 -c--a-w C:\Program Files\Install_AIM.exe
2003-08-18 14:32:22 206,827 -c--a-w C:\Program Files\WackGet1.1.1.exe
2003-03-30 06:25:36 422,068 -c--a-w C:\Program Files\destinymp3.exe
2003-03-29 17:56:21 1,914,486 -c--a-w C:\Program Files\cdex_150b10_enu.zip
2000-08-29 03:11:50 2,048 -c--a-w C:\Program Files\00000001.TMP


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 23:02 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --------- C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 11:01]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"nwiz"="nwiz.exe" [2002-09-10 02:35 C:\WINDOWS\system32\nwiz.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Microsoft Updates"="svdhost.exe" [2007-07-15 12:45 C:\WINDOWS\system32\svdhost.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svdhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
C:\WINDOWS\System32\vtstq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


Contents of the 'Scheduled Tasks' folder
2007-07-15 03:20:49 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 13:42:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-16 13:45:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 13:44

--- E O F ---
 
And here is the new [something random] HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:09 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svdhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\[something random].exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184294476625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1184534524734
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 4650 bytes
 
C:\WINDOWS\ALCXMNTR.EXE
This is a nasty process! You should fix it and try to delete it manually!
Realtek AC97 Audio - Event Monitor. Spyware file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers.

Any clue how to delete this manually? When you try it says it can't because it is currently being used. I don't know how to disable it.
 
Sorry, I'll get back to this tomorrow when I've got more time, delete this file.
C:\WINDOWS\System32\svdhost.exe
 
Ctrl+Alt+Del to bring up TaskManager and right-click on this process then choose "End Process Tree":
C:\WINDOWS\System32\svdhost.exe

C:\Program Files\Messenger\msmsgs.exe (are you using Windows Messenger?)


Open HJT in Safe Mode then check & fix these entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll (file missing)


vtstq.dll is a Vundo variant process and changes name randomly. After removing this entry in HJT, you must locate and delete the file in your System32 folder.
Whether you're able to delete this file or not, download SUPERAntiSpyware anyways to scan & clean.

Here is the link: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
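The entries singled out above share a few patterns a log reader can spot mechanically: a Run/RunServices value whose command has no full path, an executable name one character away from a core Windows binary (svdhost.exe next to the real svchost.exe), a Winlogon Notify DLL that no longer exists on disk, and a ProxyOverride value. The script below is an added example written for this thread, not part of HijackThis or the posts above; it re-implements that triage as a small parser run over lines copied from the posted log. The list of core binary names and the one-edit lookalike rule are my own heuristic, and the sample log is constructed from this thread.

```python
"""Triage a HijackThis log for the entry patterns discussed in this thread.

Added example, not HijackThis code. The core-binary list and the
"one edit away" lookalike rule are heuristics chosen for illustration.
"""
import re

# Constructed sample: O4/R0/R1/O20 lines copied from the log above,
# plus benign entries so the filter has something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Names that malware commonly imitates with a one-letter change (heuristic list).
CORE_BINARIES = frozenset({
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "wuauclt.exe",
})

O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
PROXY_RE = re.compile(r"^R1 - .*ProxyOverride = (.*)$")
START_RE = re.compile(r"^R0 - .*Start Page = (.*)$")


def edit_distance(a, b):
    """Plain Levenshtein distance; small inputs, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename):
    """Return the core binary this name is one edit away from, or None."""
    name = basename.lower()
    for known in CORE_BINARIES:
        if name != known and edit_distance(name, known) == 1:
            return known
    return None


def executable_of(command):
    """Pull the program out of a Run value: quoted path or first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0] if command else ""


def triage(log_text):
    """Return [(line, [reason, ...])] for every entry that deserves a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            _hive, key, name, command = m.groups()
            exe = executable_of(command)
            base = exe.rsplit("\\", 1)[-1]
            if "\\" not in exe:
                reasons.append(f"{key} value [{name}] gives no full path; "
                               f"'{exe}' is found by PATH search")
            mimic = lookalike_of(base)
            if mimic:
                reasons.append(f"'{base.lower()}' is one edit from the Windows binary '{mimic}'")
        m = O20_RE.match(line)
        if m and "(file missing)" in m.group(2):
            reasons.append(f"Winlogon Notify '{m.group(1)}' points at a DLL that is gone; "
                           "orphaned entry, remove it")
        m = PROXY_RE.match(line)
        if m:
            reasons.append(f"ProxyOverride set to '{m.group(1)}'; not a default IE setting")
        m = START_RE.match(line)
        if m and m.group(1).strip().lower() == "about:blank":
            reasons.append("machine-wide start page was reset to about:blank")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Running it on the sample prints the ALCXMNTR, both svdhost, the about:blank, the ProxyOverride and the vtstq lines, each with the reason it tripped; the KBD, msnmsgr and NVIDIA entries pass through silently. The "no full path" rule is deliberately noisy (it also catches the Realtek monitor), which is the point of a triage list: it tells you where to look, not what to delete.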
 
delete this file.
C:\WINDOWS\System32\svdhost.exe

Done.



Ctrl+Alt+Del to bring up TaskManager and right-click on this process then choose "End Process Tree":
C:\WINDOWS\System32\svdhost.exe

C:\Program Files\Messenger\msmsgs.exe (are you using Windows Messenger?)


Open HJT in Safe Mode then check & fix these entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll (file missing)


vtstq.dll is a Vundo variant process and changes name randomly. After removing this entry in HJT, you must locate and delete the file in your System32 folder.
Whether you're able to delete this file or not, download SUPERAntiSpyware anyways to scan & clean.

Here is the link: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Done.

That windows messenger just appeared all of a sudden one day. I did not download it. I got rid of it.

And I could not manually delete vtstq.dll. I could not find it in that folder. Maybe it is already gone.

thanks for the help.
 
Another step to do:
Control Panel ->Folder Options->View, check "Show hidden files and folders", then uncheck "Hide protected system files" and "Hide known file extensions". Now go to C:\Documents and Settings\your user account name\Local Settings\Temp and delete everything in there, in Safe Mode.

Once this is done, reverse the step to hide the hidden files and folders. Make sure you do download and scan with SUPERAntiSpyware.
 