Is it possible to completely block I.E. from opening?

S

samurai340

New Member
Every time I open or refresh a window (in Firefox), I get one or two pop ups which open in Internet Explorer. I never get Firefox pop ups so I think if I can block I.E. I'll stop getting pop ups. I know the adware will still be there but as long as I don't notice it I don't care. I've tried way too many types of adware/spyware removal programs and I'm just giving up on them now. So... I know you can't properly uninstall I.E., but is there a way to simply block it from ever opening up do you think?
 
If you are having pop-ups then your pc is most likely infected. DO NOT try to disable IE as it is needed for windows updates!!! Post a hijackthis log for someone to inspect.
 
Post it in this forum?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:46, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
d:\program files\common files\aol\1205007047\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
d:\program files\common files\aol\1205007047\ee\aolsoftware.exe
D:\Program Files\Mozilla Firefox\firefox.exe
d:\program files\common files\aol\1205007047\ee\anotify.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31CC47A0-B436-4E3E-8FFD-987428BE40D3} - D:\Program Files\MSN\kori89104.dll
O2 - BHO: (no name) - {908893ED-AA87-4CAF-85A9-AB08E76DE053} - (no file)
O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{F1-11-1E-E2-DW}] d:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1204946899515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: opnkhgd - opnkhgd.dll (file missing)
O20 - Winlogon Notify: urqqpnk - urqqpnk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8041 bytes




If anyone bothers to sift through all that...I thank you.
 
Hello, your computer is infected.

Please follow these instructions:
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


In your next reply, please post the combofix log and a fresh Hijackthis log.

:)
 
ComboFix log:



ComboFix 08-04-16.5 - Aaron 2008-04-17 18:54:03.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.141 [GMT 1:00]
Running from: D:\Documents and Settings\Aaron\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Aaron\Application Data\YMBOLS~1
D:\Documents and Settings\Aaron\My Documents\ECURIT~1
D:\Documents and Settings\Aaron\My Documents\YSTEM~1
D:\Documents and Settings\Aaron\My Documents\YSTEM~1\?ystem\
D:\Documents and Settings\Aaron\Start Menu\Programs\Startup\DW_Start.lnk
D:\Program Files\Common Files\mantec~1
D:\Program Files\dobe~1
D:\Program Files\dobe~1\?dobe\
D:\WINDOWS\system32\~.exe
D:\WINDOWS\system32\drivers\core.cache.dsk
D:\WINDOWS\system32\drivers\volsnapp.sys
D:\WINDOWS\system32\iDlo01
D:\WINDOWS\system32\ocntskwb.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VOLSNAPP
-------\Service_volsnapp


((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-17 18:01 . 2008-04-17 18:01 <DIR> d-------- D:\Program Files\Trend Micro
2008-04-17 17:12 . 2008-04-17 17:12 <DIR> d-------- D:\WINDOWS\LastGood.Tmp
2008-04-13 21:39 . 2008-04-13 21:39 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-04-13 21:39 . 2008-04-13 21:39 1,409 --a------ D:\WINDOWS\QTFont.for
2008-04-06 14:28 . 2008-04-06 14:28 <DIR> d-------- D:\Program Files\DivX
2008-03-29 23:42 . 2008-03-29 23:42 <DIR> d-------- D:\Program Files\PC Drivers HeadQuarters
2008-03-29 21:46 . 2008-04-02 14:12 36,864 --a------ D:\WINDOWS\system32\ghf.exe
2008-03-29 21:46 . 2008-03-29 21:46 36,864 --a------ D:\WINDOWS\nmtyyrgbg.exe
2008-03-29 14:30 . 2008-03-29 14:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-25 18:53 . 2008-03-25 18:53 <DIR> d--hs---- D:\FOUND.005
2008-03-23 20:24 . 2008-03-23 20:24 <DIR> d--hs---- D:\FOUND.004
2008-03-22 23:11 . 2008-03-22 23:11 <DIR> d-------- D:\Documents and Settings\Aaron\Application Data\dvdcss
2008-03-18 00:49 . 2008-03-18 00:49 <DIR> d--hs---- D:\FOUND.003
2008-03-18 00:44 . 2008-03-19 17:47 299,485 --ahs---- D:\WINDOWS\system32\jlkkj.ini2
2008-03-18 00:44 . 2008-03-19 17:51 296,595 --ahs---- D:\WINDOWS\system32\jlkkj.ini
2008-03-17 22:52 . 2008-03-17 22:52 <DIR> d-------- D:\Program Files\ArcSoft
2008-03-17 22:50 . 2008-03-17 22:50 <DIR> d-------- D:\Program Files\FinePixViewer
2008-03-17 22:49 . 2004-08-04 00:56 53,760 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2008-03-17 22:49 . 2004-08-04 00:56 53,760 --a------ D:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-17 22:49 . 2004-08-04 00:56 28,672 --a------ D:\WINDOWS\system32\vidcap.ax
2008-03-17 22:49 . 2004-08-04 00:56 28,672 --a------ D:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-17 22:48 . 2008-03-17 22:48 <DIR> d-------- D:\Program Files\REGSHAVE
2008-03-17 22:48 . 2001-11-24 17:11 81,924 --------- D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-03-17 22:48 . 2001-11-25 02:11 81,924 --a------ D:\WINDOWS\system32\drivers\V4CB0115.SYS
2008-03-17 22:48 . 2001-11-25 02:11 81,924 --a------ D:\WINDOWS\system32\drivers\V4CB010B.SYS
2008-03-17 22:48 . 2001-11-21 21:09 81,796 --a------ D:\WINDOWS\system32\drivers\V4CB0109.SYS
2008-03-17 22:48 . 2002-02-04 22:33 69,632 --------- D:\WINDOWS\system32\FREGSHEX.DLL
2008-03-17 22:48 . 2002-02-26 17:27 65,536 --------- D:\WINDOWS\system32\FINFCHECK.dll
2008-03-17 22:48 . 2002-01-15 11:30 49,152 --------- D:\WINDOWS\system32\FINSTALL.dll
2008-03-17 22:48 . 2002-02-12 16:00 45,056 --------- D:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 13:11 20,480 ----a-w D:\WINDOWS\quit.exe
2008-03-26 18:00 40,960 ----a-w D:\WINDOWS\vbngfy5hmgh.exe
2008-03-23 22:51 40,960 ----a-w D:\WINDOWS\li67fnqewfsdvnbv.exe
2008-03-17 21:52 4,608 ----a-w D:\WINDOWS\system32\w95inf32.dll
2008-03-17 21:52 2,272 ----a-w D:\WINDOWS\system32\w95inf16.dll
2008-03-17 17:22 40,960 ----a-w D:\WINDOWS\fgyrtuyjmfr.exe
2008-03-14 23:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-14 23:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Channel4
2008-03-14 16:01 --------- d-----w D:\Program Files\Pro-53
2008-03-09 19:51 --------- d-----w D:\Program Files\Common Files\Scanner
2008-03-09 19:15 --------- d-----w D:\Program Files\IObit
2008-03-09 13:56 --------- d-----w D:\Program Files\Common Files\Adobe Systems Shared
2008-03-09 13:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-09 13:55 --------- d-----w D:\Program Files\Common Files\Adobe
2008-03-09 13:52 --------- d-----w D:\Documents and Settings\Aaron\Application Data\vlc
2008-03-09 13:51 --------- d-----w D:\Program Files\VideoLAN
2008-03-09 13:48 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-03-09 01:04 --------- d-----w D:\Program Files\Veoh Networks
2008-03-08 22:40 --------- d-----w D:\Program Files\Azureus
2008-03-08 22:02 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Steinberg
2008-03-08 21:45 --------- d-----w D:\Program Files\Steinberg
2008-03-08 21:42 --------- d-----w D:\Program Files\Syncrosoft
2008-03-08 18:50 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-03-08 18:49 246,873 --sha-w D:\WINDOWS\system32\oqtss.ini2
2008-03-08 18:09 --------- d-----w D:\Program Files\Spyware Doctor
2008-03-08 18:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 18:09 --------- d-----w D:\Documents and Settings\Aaron\Application Data\PC Tools
2008-03-08 05:39 --------- d-----w D:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 04:50 --------- d-----w D:\Program Files\Lavasoft
2008-03-08 04:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 04:49 --------- d-----w D:\Documents and Settings\Aaron\Application Data\AVG7
2008-03-08 04:48 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 04:48 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-08 04:48 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 04:48 --------- d-----w D:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 04:44 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-03-08 04:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 04:16 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Talkback
2008-03-08 03:57 --------- d-----w D:\Program Files\Guitar Pro 4
2008-03-08 03:55 --------- d-----w D:\Program Files\SystemRequirementsLab
2008-03-08 03:34 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Syntrillium
2008-03-08 03:32 --------- d-----w D:\Program Files\coolpro2
2008-03-08 02:35 --------- d-sh--w D:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 02:35 --------- d-----w D:\Program Files\Windows Live
2008-03-08 02:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 01:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2008-03-08 01:34 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Azureus
2008-03-08 01:11 --------- d-----w D:\Program Files\Google
2008-03-08 01:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-08 00:46 --------- d-----w D:\Program Files\DIFX
2008-03-07 23:56 --------- d-----w D:\Program Files\Viewpoint
2008-03-07 23:56 --------- d-----w D:\Program Files\Learn2.com
2008-03-07 23:56 --------- d-----w D:\Program Files\Common Files\aolback
2008-03-07 23:56 --------- d-----w D:\Program Files\AOL Toolbar
2008-03-07 23:56 --------- d-----w D:\Program Files\AOL Companion
2008-03-07 23:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-07 23:56 --------- d-----w D:\Documents and Settings\Aaron\Application Data\You've Got Pictures Screensaver
2008-03-07 23:56 --------- d-----w D:\Documents and Settings\Aaron\Application Data\AOL
2008-03-07 23:55 8,552 ----a-w D:\WINDOWS\system32\drivers\asctrm.sys
2008-03-07 23:55 --------- d-----w D:\Program Files\Real
2008-03-07 23:55 --------- d-----w D:\Program Files\QuickTime
2008-03-07 23:55 --------- d-----w D:\Program Files\Common Files\Real
2008-03-07 23:55 --------- d-----w D:\Program Files\Common Files\Nullsoft
2008-03-07 23:55 --------- d-----w D:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-07 23:54 --------- d-----w D:\Program Files\Common Files\aolshare
2008-03-07 23:54 --------- d-----w D:\Program Files\Common Files\AOL
2008-03-07 23:54 --------- d-----w D:\Program Files\AOL 9.0
2008-03-07 23:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2008-03-07 23:38 --------- d-----w D:\Program Files\Line6
2008-03-07 23:38 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Line 6
2008-02-21 02:05 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
.
Code: 
<pre>
----a-w         1,422,675 2008-03-10 03:16:34  D:\Documents and Settings\Aaron\My Documents\Azureus Downloads\VST & DX Softsynth & Effects Mega Pack\Lexicon PSP 42 v1.0 .exe
----a-w         5,104,459 2008-03-09 13:55:50  D:\Documents and Settings\Aaron\My Documents\Azureus Downloads\VST & DX Softsynth & Effects Mega Pack\NI FM7 Synth Native instruments .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31CC47A0-B436-4E3E-8FFD-987428BE40D3}]
2008-02-08 01:07 217088 --a------ D:\Program Files\MSN\kori89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908893ED-AA87-4CAF-85A9-AB08E76DE053}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MVRescue"="C:\MVRescue\mvrescue quit" [ ]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2003-04-25 10:05 4493312]
"nwiz"="nwiz.exe" [2003-04-25 10:05 323584 D:\WINDOWS\system32\nwiz.exe]
"StorageGuard"="D:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 01:01 155648]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="D:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"AOLDialer"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"RealTray"="D:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-03-08 00:55 26112]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-03-08 00:56 98304]
"{F1-11-1E-E2-DW}"="d:\windows\system32\rwwnw64d.exe" [ ]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 18:30 579584]
"ISTray"="D:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"HostManager"="D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]
"H2O"="D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"REGSHAVE"="D:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 22:56 15360]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 05:48 219136]

D:\Documents and Settings\Aaron\Start Menu\Programs\Startup\
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - D:\Program Files\AOL 9.0\aoltray.exe [2008-03-08 00:55:11 156784]
Google Updater.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-08 02:11:09 125624]
Exif Launcher.lnk - D:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 03:53:14 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhgd]
opnkhgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqpnk]
urqqpnk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\AOL 9.0\\waol.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"D:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"D:\\Program Files\\Common Files\\AOL\\1205007047\\ee\\aolsoftware.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Messenger\\MSMSGS.EXE"=

R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);D:\WINDOWS\system32\Drivers\GPWADrv.sys [2004-10-25 21:09]
R3 L6DP;L6DP;D:\WINDOWS\system32\Drivers\l6dp.sys [2002-07-16 03:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7323ef38-7702-11d7-93d5-806d6172696f}]
\shell\play\Command - "D:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 19:02:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????|:2????wd??w????????\???\??????????????w-??w\???\?????????_??????C@?\???\??????s????\??????s\???`:2?A??s`:2??C@?x???`|?w\?????@

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
D:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGUPSVC.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
D:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
D:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
D:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
D:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
D:\program files\common files\aol\1205007047\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
.
**************************************************************************
.
Completion time: 2008-04-17 19:05:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 18:05:28

Pre-Run: 37,371,150,336 bytes free
Post-Run: 37,421,613,056 bytes free
.
2008-04-17 16:34:48 --- E O F ---





HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:28, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
d:\program files\common files\aol\1205007047\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
d:\program files\common files\aol\1205007047\ee\aolsoftware.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31CC47A0-B436-4E3E-8FFD-987428BE40D3} - D:\Program Files\MSN\kori89104.dll
O2 - BHO: (no name) - {908893ED-AA87-4CAF-85A9-AB08E76DE053} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{F1-11-1E-E2-DW}] d:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1204946899515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: opnkhgd - opnkhgd.dll (file missing)
O20 - Winlogon Notify: urqqpnk - urqqpnk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8393 bytes
 
oh dude, your problem is that you were running Azerus. The best way to get a virus or anything else on your computer is by running those crappy P2P applications.

Get rid of all that crap and then clean it out again. Reboot and hold down the shift key while booting to stop all start up processes (user processes) then run it.
 
Hello, lots of infection showing :)

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
D:\WINDOWS\quit.exe
D:\WINDOWS\vbngfy5hmgh.exe
D:\WINDOWS\li67fnqewfsdvnbv.exe
D:\WINDOWS\fgyrtuyjmfr.exe
D:\WINDOWS\system32\oqtss.ini2
d:\windows\system32\rwwnw64d.exe
D:\WINDOWS\system32\jlkkj.ini2
D:\WINDOWS\system32\jlkkj.ini
D:\WINDOWS\nmtyyrgbg.exe

Folders to delete:
D:\FOUND.003
D:\FOUND.004
D:\FOUND.005
Click to expand...

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.

Then please post a new combofix and Hijackthis log.

In your next reply, please post:
  • The avenger script
  • A new combofix script
  • A new HJT log

:)
 
Thanks for your time on this.

Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "D:\WINDOWS\quit.exe" deleted successfully.
File "D:\WINDOWS\vbngfy5hmgh.exe" deleted successfully.
File "D:\WINDOWS\li67fnqewfsdvnbv.exe" deleted successfully.
File "D:\WINDOWS\fgyrtuyjmfr.exe" deleted successfully.
File "D:\WINDOWS\system32\oqtss.ini2" deleted successfully.

Error: file "d:\windows\system32\rwwnw64d.exe" not found!
Deletion of file "d:\windows\system32\rwwnw64d.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "D:\WINDOWS\system32\jlkkj.ini2" deleted successfully.
File "D:\WINDOWS\system32\jlkkj.ini" deleted successfully.
File "D:\WINDOWS\nmtyyrgbg.exe" deleted successfully.
Folder "D:\FOUND.003" deleted successfully.
Folder "D:\FOUND.004" deleted successfully.
Folder "D:\FOUND.005" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix log:

ComboFix 08-04-16.5 - Aaron 2008-04-17 21:02:35.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.111 [GMT 1:00]
Running from: D:\Documents and Settings\Aaron\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-17 18:01 . 2008-04-17 18:01 <DIR> d-------- D:\Program Files\Trend Micro
2008-04-13 21:39 . 2008-04-13 21:39 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-04-13 21:39 . 2008-04-13 21:39 1,409 --a------ D:\WINDOWS\QTFont.for
2008-04-06 14:28 . 2008-04-06 14:28 <DIR> d-------- D:\Program Files\DivX
2008-03-29 23:42 . 2008-03-29 23:42 <DIR> d-------- D:\Program Files\PC Drivers HeadQuarters
2008-03-29 21:46 . 2008-04-02 14:12 36,864 --a------ D:\WINDOWS\system32\ghf.exe
2008-03-29 14:30 . 2008-03-29 14:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-22 23:11 . 2008-03-22 23:11 <DIR> d-------- D:\Documents and Settings\Aaron\Application Data\dvdcss
2008-03-17 22:52 . 2008-03-17 22:52 <DIR> d-------- D:\Program Files\ArcSoft
2008-03-17 22:50 . 2008-03-17 22:50 <DIR> d-------- D:\Program Files\FinePixViewer
2008-03-17 22:49 . 2004-08-04 00:56 53,760 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2008-03-17 22:49 . 2004-08-04 00:56 53,760 --a------ D:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-17 22:49 . 2004-08-04 00:56 28,672 --a------ D:\WINDOWS\system32\vidcap.ax
2008-03-17 22:49 . 2004-08-04 00:56 28,672 --a------ D:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-17 22:48 . 2008-03-17 22:48 <DIR> d-------- D:\Program Files\REGSHAVE
2008-03-17 22:48 . 2001-11-24 17:11 81,924 --------- D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-03-17 22:48 . 2001-11-25 02:11 81,924 --a------ D:\WINDOWS\system32\drivers\V4CB0115.SYS
2008-03-17 22:48 . 2001-11-25 02:11 81,924 --a------ D:\WINDOWS\system32\drivers\V4CB010B.SYS
2008-03-17 22:48 . 2001-11-21 21:09 81,796 --a------ D:\WINDOWS\system32\drivers\V4CB0109.SYS
2008-03-17 22:48 . 2002-02-04 22:33 69,632 --------- D:\WINDOWS\system32\FREGSHEX.DLL
2008-03-17 22:48 . 2002-02-26 17:27 65,536 --------- D:\WINDOWS\system32\FINFCHECK.dll
2008-03-17 22:48 . 2002-01-15 11:30 49,152 --------- D:\WINDOWS\system32\FINSTALL.dll
2008-03-17 22:48 . 2002-02-12 16:00 45,056 --------- D:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 23:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-14 23:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Channel4
2008-03-14 16:01 --------- d-----w D:\Program Files\Pro-53
2008-03-09 19:51 --------- d-----w D:\Program Files\Common Files\Scanner
2008-03-09 19:15 --------- d-----w D:\Program Files\IObit
2008-03-09 13:56 --------- d-----w D:\Program Files\Common Files\Adobe Systems Shared
2008-03-09 13:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-09 13:55 --------- d-----w D:\Program Files\Common Files\Adobe
2008-03-09 13:52 --------- d-----w D:\Documents and Settings\Aaron\Application Data\vlc
2008-03-09 13:51 --------- d-----w D:\Program Files\VideoLAN
2008-03-09 13:48 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-03-09 01:04 --------- d-----w D:\Program Files\Veoh Networks
2008-03-08 22:40 --------- d-----w D:\Program Files\Azureus
2008-03-08 22:02 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Steinberg
2008-03-08 21:45 --------- d-----w D:\Program Files\Steinberg
2008-03-08 21:42 --------- d-----w D:\Program Files\Syncrosoft
2008-03-08 18:50 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-03-08 18:09 --------- d-----w D:\Program Files\Spyware Doctor
2008-03-08 18:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 18:09 --------- d-----w D:\Documents and Settings\Aaron\Application Data\PC Tools
2008-03-08 05:39 --------- d-----w D:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 04:50 --------- d-----w D:\Program Files\Lavasoft
2008-03-08 04:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 04:49 --------- d-----w D:\Documents and Settings\Aaron\Application Data\AVG7
2008-03-08 04:48 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 04:48 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-08 04:48 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 04:48 --------- d-----w D:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 04:44 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-03-08 04:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 04:16 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Talkback
2008-03-08 03:57 --------- d-----w D:\Program Files\Guitar Pro 4
2008-03-08 03:55 --------- d-----w D:\Program Files\SystemRequirementsLab
2008-03-08 03:34 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Syntrillium
2008-03-08 03:32 --------- d-----w D:\Program Files\coolpro2
2008-03-08 02:35 --------- d-sh--w D:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 02:35 --------- d-----w D:\Program Files\Windows Live
2008-03-08 02:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 01:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2008-03-08 01:34 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Azureus
2008-03-08 01:11 --------- d-----w D:\Program Files\Google
2008-03-08 01:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-08 00:46 --------- d-----w D:\Program Files\DIFX
2008-03-07 23:56 --------- d-----w D:\Program Files\Viewpoint
2008-03-07 23:56 --------- d-----w D:\Program Files\Learn2.com
2008-03-07 23:56 --------- d-----w D:\Program Files\Common Files\aolback
2008-03-07 23:56 --------- d-----w D:\Program Files\AOL Toolbar
2008-03-07 23:56 --------- d-----w D:\Program Files\AOL Companion
2008-03-07 23:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-07 23:56 --------- d-----w D:\Documents and Settings\Aaron\Application Data\You've Got Pictures Screensaver
2008-03-07 23:56 --------- d-----w D:\Documents and Settings\Aaron\Application Data\AOL
2008-03-07 23:55 8,552 ----a-w D:\WINDOWS\system32\drivers\asctrm.sys
2008-03-07 23:55 --------- d-----w D:\Program Files\Real
2008-03-07 23:55 --------- d-----w D:\Program Files\QuickTime
2008-03-07 23:55 --------- d-----w D:\Program Files\Common Files\Real
2008-03-07 23:55 --------- d-----w D:\Program Files\Common Files\Nullsoft
2008-03-07 23:55 --------- d-----w D:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-07 23:54 --------- d-----w D:\Program Files\Common Files\aolshare
2008-03-07 23:54 --------- d-----w D:\Program Files\Common Files\AOL
2008-03-07 23:54 --------- d-----w D:\Program Files\AOL 9.0
2008-03-07 23:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2008-03-07 23:38 --------- d-----w D:\Program Files\Line6
2008-03-07 23:38 --------- d-----w D:\Documents and Settings\Aaron\Application Data\Line 6
.
Code: 
<pre>
----a-w         1,422,675 2008-03-10 03:16:34  D:\Documents and Settings\Aaron\My Documents\Azureus Downloads\VST & DX Softsynth & Effects Mega Pack\Lexicon PSP 42 v1.0 .exe
----a-w         5,104,459 2008-03-09 13:55:50  D:\Documents and Settings\Aaron\My Documents\Azureus Downloads\VST & DX Softsynth & Effects Mega Pack\NI FM7 Synth Native instruments .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31CC47A0-B436-4E3E-8FFD-987428BE40D3}]
2008-02-08 01:07 217088 --a------ D:\Program Files\MSN\kori89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908893ED-AA87-4CAF-85A9-AB08E76DE053}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MVRescue"="C:\MVRescue\mvrescue quit" [ ]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2003-04-25 10:05 4493312]
"nwiz"="nwiz.exe" [2003-04-25 10:05 323584 D:\WINDOWS\system32\nwiz.exe]
"StorageGuard"="D:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 01:01 155648]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="D:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"AOLDialer"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"RealTray"="D:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-03-08 00:55 26112]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-03-08 00:56 98304]
"{F1-11-1E-E2-DW}"="d:\windows\system32\rwwnw64d.exe" [ ]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 18:30 579584]
"ISTray"="D:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"HostManager"="D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]
"H2O"="D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"REGSHAVE"="D:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 22:56 15360]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 05:48 219136]

D:\Documents and Settings\Aaron\Start Menu\Programs\Startup\
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - D:\Program Files\AOL 9.0\aoltray.exe [2008-03-08 00:55:11 156784]
Google Updater.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-08 02:11:09 125624]
Exif Launcher.lnk - D:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 03:53:14 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhgd]
opnkhgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqpnk]
urqqpnk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\AOL 9.0\\waol.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"D:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"D:\\Program Files\\Common Files\\AOL\\1205007047\\ee\\aolsoftware.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Messenger\\MSMSGS.EXE"=

R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);D:\WINDOWS\system32\Drivers\GPWADrv.sys [2004-10-25 21:09]
R3 L6DP;L6DP;D:\WINDOWS\system32\Drivers\l6dp.sys [2002-07-16 03:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7323ef38-7702-11d7-93d5-806d6172696f}]
\shell\play\Command - "D:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????|:2????wd??w????????\???\??????????????w-??w\???\?????????`??????C@?\???\??????s????\??????s\???`:2?A??s`:2??C@?x???`|?w\?????@

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-17 21:07:40
ComboFix-quarantined-files.txt 2008-04-17 20:07:36
ComboFix2.txt 2008-04-17 18:05:46

Pre-Run: 37,334,319,104 bytes free
Post-Run: 37,319,704,576 bytes free
.
2008-04-17 16:34:48 --- E O F ---

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:09, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\VERITAS Software\Update Manager\sgtray.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
d:\program files\common files\aol\1205007047\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
d:\program files\common files\aol\1205007047\ee\aolsoftware.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31CC47A0-B436-4E3E-8FFD-987428BE40D3} - D:\Program Files\MSN\kori89104.dll
O2 - BHO: (no name) - {908893ED-AA87-4CAF-85A9-AB08E76DE053} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{F1-11-1E-E2-DW}] d:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1205007047\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1204946899515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: opnkhgd - opnkhgd.dll (file missing)
O20 - Winlogon Notify: urqqpnk - urqqpnk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8487 bytes
 
I'm suspicious about a file, please follow these steps:

go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

D:\WINDOWS\QTFont.qfn
D:\WINDOWS\QTFont.for

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


By the way, how is your system running now?
 
tlarkin said:
Take off Azerus and Limewire then and never ever install them again.
Click to expand...

I don't have Limewire, and I don't use Azeurus for p2p - only torrents.

I restored my pc to factory settings a while ago because I had so many viruses. Within literally minutes I had a million popups. This was way before I reinstalled Azeurus so it cannot solely be down to that (if at all).
 
samurai340 said:
I don't have Limewire, and I don't use Azeurus for p2p - only torrents.

I restored my pc to factory settings a while ago because I had so many viruses. Within literally minutes I had a million popups. This was way before I reinstalled Azeurus so it cannot solely be down to that (if at all).
Click to expand...

Torrents are technically P2P...

anyway, use something like uTorrent where you can actually view all the files before you download them and a lot of times you can spot viruses and the like. Also download from trusted sources, public trackers you are asking for it.

However, I am sure you don't need any lecturing you know all too well that downloading pirated software has the chance of having a virus.
 
Actually it's not totally over, let's clean up your HJT:

Open Hijackthis and do a system scan.
place a checkmark next to those lines and then click on fix.
O4 - HKLM\..\Run: [{F1-11-1E-E2-DW}] d:\windows\system32\rwwnw64d.exe DWram
O20 - Winlogon Notify: opnkhgd - opnkhgd.dll (file missing)
O20 - Winlogon Notify: urqqpnk - urqqpnk.dll (file missing)
Click to expand...

Post a fresh HJT log after you've done that.
 
You must log in or register to reply here.
Back
Top