Unknown virus or trojan HijackThis log file

A49ers2121

New Member
Alex - 06-11-28 18:37:36.10 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Alex\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Program Files\Inetget2
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{6074DF77-07D9-1033-1028-050507270001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\system32\SKS~1
C:\QooBox\Purity\WINDOWS\system32\SKS~1\ç?sks
C:\QooBox\Purity\WINDOWS\system32\SKS~1\ç?sks\ctxad-505.0000


((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-26 15:50 126,996 --a------ C:\WINDOWS\system32\gljscxjy.dll
2006-11-26 15:20 <DIR> d-------- C:\!KillBox
2006-11-26 14:30 4,150 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-26 14:03 2,984 --a------ C:\WINDOWSvundofix.reg
2006-11-26 13:55 110,612 --a------ C:\WINDOWS\system32\gykggygy.exe
2006-11-26 10:20 110,612 --a------ C:\WINDOWS\system32\hnknjryu.exe
2006-11-26 10:09 <DIR> d-------- C:\VundoFix Backups
2006-11-26 10:07 110,612 --a------ C:\WINDOWS\system32\uxpyfngt.exe
2006-11-26 10:01 110,612 --a------ C:\WINDOWS\system32\wswkdiix.exe
2006-11-26 10:01 110,612 --a------ C:\WINDOWS\system32\ikclperg.exe
2006-11-26 09:47 126,996 --a------ C:\WINDOWS\system32\hebiphnn.dll
2006-11-26 09:46 110,612 --a------ C:\WINDOWS\system32\vxfykxnl.exe
2006-11-26 09:43 126,996 --a------ C:\WINDOWS\system32\ebfknvuu.dll
2006-11-26 09:43 110,612 --a------ C:\WINDOWS\system32\pehlyxgx.exe
2006-11-26 09:43 110,612 --a------ C:\WINDOWS\system32\olpnytku.exe
2006-11-25 21:37 126,996 --a------ C:\WINDOWS\system32\vaorrquu.dll
2006-11-25 21:37 110,612 --a------ C:\WINDOWS\system32\wpieowhm.exe
2006-11-25 21:33 126,996 --a------ C:\WINDOWS\system32\xtvdctkn.dll
2006-11-25 21:07 110,612 --a------ C:\WINDOWS\system32\llcbpedo.exe
2006-11-25 21:02 110,612 --a------ C:\WINDOWS\system32\guhkddxn.exe
2006-11-25 21:00 110,612 --a------ C:\WINDOWS\system32\crwljtae.exe
2006-11-25 20:58 110,612 --a------ C:\WINDOWS\system32\oeiweqas.exe
2006-11-25 20:57 126,996 --a------ C:\WINDOWS\system32\oyjpimja.dll
2006-11-25 20:57 110,612 --a------ C:\WINDOWS\system32\dxxhotec.exe
2006-11-25 20:56 <DIR> d--hs---- C:\WINDOWS\CSC
2006-11-25 20:32 126,996 --a------ C:\WINDOWS\system32\tccyjtrn.dll
2006-11-25 20:31 110,612 --a------ C:\WINDOWS\system32\ucgmswia.exe
2006-11-24 23:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-24 22:31 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-24 22:31 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-24 22:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-24 22:31 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-24 14:13 110,612 --a------ C:\WINDOWS\system32\oplfgnlm.exe
2006-11-24 14:13 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-24 09:54 40,973 ---hs---- C:\WINDOWS\system32\fcccccb.dll
2006-11-23 13:03 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-23 11:43 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2006-11-23 10:18 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-23 10:18 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-23 10:16 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-23 10:16 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-23 10:14 <DIR> d-------- C:\WINDOWS\cache
2006-11-22 16:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-22 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-22 15:51 <DIR> d-------- C:\Program Files\NoAdware4
2006-11-22 15:07 3,052 --a------ C:\WINDOWS\system32\fxmngr.exe
2006-11-22 14:58 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-22 14:58 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-22 14:58 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-22 14:58 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-17 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 17:03 <DIR> d-------- C:\Program Files\Lexmark 4200 Series
2006-11-15 16:48 69,632 --a------ C:\WINDOWS\system32\lxbmscin.dll
2006-11-15 16:37 <DIR> d-------- C:\Lxk4-1Fax
2006-11-15 16:33 <DIR> d-------- C:\Lxk4200
2006-11-13 15:51 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Ahead
2006-11-12 11:10 <DIR> d-------- C:\Documents and Settings\Alex\.housecall6.6
2006-11-07 18:25 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-28 18:37 -------- d-------- C:\Program Files\Common Files
2006-11-26 15:06 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-24 23:34 -------- d-------- C:\Program Files\Grisoft
2006-11-23 10:30 -------- d-------- C:\Program Files\Internet Explorer
2006-11-19 14:11 -------- d-------- C:\Program Files\Java
2006-11-15 16:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-13 16:19 -------- d-------- C:\Documents and Settings\Alex\Application Data\AdobeUM
2006-11-12 17:51 -------- d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2006-11-05 13:21 -------- d-------- C:\Documents and Settings\Alex\Application Data\Adobe
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-04 17:30 -------- d-------- C:\Documents and Settings\Alex\Application Data\LimeWire
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"Lexmark 4200 Series"="\"C:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe\""
"LaunchApp"="Alaunch"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144176182\\ee\\AOLSoftware.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"AGRSMMSG"="AGRSMMSG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-28 18:37:54.53
C:\ComboFix.txt ... 06-11-28 18:37
 

edifier

New Member
Disable any security programs that are running first and then make sure you follow the directions carefully and try again.
 