Tech Support Forum > Security Center > HijackThis Log Help
HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.
Old 05-22-2008, 09:52 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Location: Europe, Holland
Posts: 9
OS: Windows XP Home Edition Version 2002 Servicepack 2


trojan.vundo.b

hello guys,

My Symantec antivirus keeps popping up a virus: trojan.vundo.b

The locations:
C:\WINDOWS\system32\jkkLCsSl.dll
C:\WINDOWS\system32\ssqqqqqn.dll

He says it's not possible to delete it or even to put it in quarantine.
I downloaded a removal tool from Symantec specified for vundo.b, but then he says he cannot find a thing.

I get popups of advertisement all the time and errors if I'm on the internet. Sometimes closing programs at once, etc.

Thanks in advance for your help.

Here's my Pandascan log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-22 18:32:05
PROTECTIONS: 3
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 8.0 No Yes
Windows Defender 1.1.3520.0 No No
Norton Antivirus Edition 7.5 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@doubleclick[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\APPS\Process.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@apmebf[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@advertising[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Topscore\Cookies\topscore@searchportal.information[1].txt
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Topscore\Bureaublad\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Topscore\Bureaublad\ComboFix.exe[327882R2FWJFW\nircmd.com]
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\WNUVWOFQ.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DYFNIWCS.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\AUBTITSN.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\BVVXQKSF.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\KXQCTANE.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\ACAHMXMB.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\Documents and Settings\Topscore\Local Settings\Temporary Internet Files\Content.IE5\G0EDXZ9Q\yaypalassamosvala[1]
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\JPXIBEDS.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\HJFVWURV.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\SFGCTWXB.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\MXRRFTNB.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\MKFOBGDY.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\YTVOHQUC.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DBNCBTJP.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\KTRLEKRX.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\OGPDTRAK.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\BANMFCUC.EXE
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\WLDBUBUD.EXE
02957290 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\ljJARhff.dll
02957290 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\rqRJDtRL.dll
02957290 Generic Trojan Virus/Trojan Yes 0 Yes No C:\WINDOWS\SYSTEM32\JKKLCSSL.DLL
02957290 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\ssqPiihF.dll
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\MWCMVBWE.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\KSHNNVLH.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\UEVELGBJ.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\BEIFCQQT.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\UCAHUPFD.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\NNBEOIDV.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\UJMPTFSJ.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\HOCMLIHR.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\CGBMEXMI.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\GPDTYUFV.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\PVTDMDIQ.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\TORFDMHW.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WTPSSKFN.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EB47C57A-3F33-41EA-BE32-DB549E3E74AA}\RP82\A0025012.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\DOSKHRNQ.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\BXUBWAYS.DLL
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\TWLGFTOT.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\TYARDVCY.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\HKPWIHNN.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\EURJHTCL.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\TUTSVBNS.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\XWGOTOMP.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\AJPKNFSK.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\HPLMUQJM.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WVNLRGOU.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ISQCDEMF.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\OYBSENLI.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\DAAREWDE.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\IGKOTPXP.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\APDRHDQI.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\BSSYOMNE.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\VIJDARYP.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\JGLUWOMR.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\NVGPLBLG.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\DMKFAAXM.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\LUAEYXWX.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\EDRXLBKG.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WGTDGYHF.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\SOSMUDKS.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WIVUYRSA.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\USRJGCCG.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ARVFHKPI.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\MJGSYXEH.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\NXTSFPWD.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\GOAKGWOT.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\SIMSVKED.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\NBHLWSYV.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\VVFVQFNH.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\KJSOQIQK.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EB47C57A-3F33-41EA-BE32-DB549E3E74AA}\RP82\A0025006.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\EUMLTVCM.DLL
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\MKIWEAMX.DLL
;===================================================================================================================================================================================
SUSPECTS
Sent Location p
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description p
;===================================================================================================================================================================================
;===================================================================================================================================================================================

And my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:06 , on 22-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\update.exe
C:\Documents and Settings\Topscore\Local Settings\Temporary Internet Files\Content.IE5\OR5T2B7B\dss[1].exe
C:\MYDOWN~1\HIJACK~1\Topscore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02A96BA3-A7D5-42A9-A20B-0E87F81988DD} - C:\WINDOWS\system32\ssqqqqqn.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\jkkLCsSl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {14ed6e44-f3f8-5caa-40f4-bd88ee6212c9} - {9c2126ee-88db-4f04-aac5-8f3f44e6de41} - C:\WINDOWS\system32\wqlrwbux.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {F41EBA00-9A37-45ED-9FC7-575AA12E02D9} - C:\WINDOWS\system32\efcBqnmj.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vvpghxql.dll",s
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ydydcorv.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.photogize.com/nl/saxfile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://toine87.spaces.live.com//Phot...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125591192203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161416566208
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5450FDA8-F964-48FF-8C8D-027E2B93DC2C}: NameServer = 10.0.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkLCsSl - C:\WINDOWS\SYSTEM32\jkkLCsSl.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 15134 bytes


cheers

please help me!
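As an added example (not code from the thread or from HijackThis), here is a small Python triage script for HijackThis-format lines that flags the Vundo-style autostart entries an analyst looks for in a log like the one above: unnamed or GUID-named BHOs whose DLL sits directly in system32, rundll32 Run entries calling a one-letter export of a system32 DLL, and Winlogon Notify packages loaded from system32. The sample lines are a constructed subset modelled on the posted log, and the scoring rules are the editor's own heuristics rather than HijackThis rules.

```python
"""HijackThis log triage for the Vundo/Virtumonde autostart pattern.

Parses the O2 (BHO), O4 (Run) and O20 (Winlogon Notify) line formats and flags
unnamed or GUID-named BHOs backed by a DLL directly in system32, rundll32 Run
entries that call a one-letter export of a system32 DLL, and Winlogon Notify
packages loaded from system32. The heuristics are the editor's own.
"""
import re
from collections import OrderedDict
from dataclasses import dataclass, field

# A DLL that lives directly in C:\WINDOWS\system32 (case-insensitive, as in the log).
SYSTEM32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^rundll32\.exe "(?P<dll>[^"]+)",(?P<export>\S+)$', re.IGNORECASE)


@dataclass
class Finding:
    dll: str                                     # DLL path as written in the log
    entries: list = field(default_factory=list)  # HijackThis sections that load it
    reasons: list = field(default_factory=list)


def _check_o2(m):
    reasons = []
    if m.group("name") == "(no name)" or GUID.match(m.group("name")):
        reasons.append("BHO has no readable name")
    if SYSTEM32_DLL.match(m.group("path")):
        reasons.append("BHO DLL loaded from system32")
    if m.group("missing"):
        reasons.append("BHO DLL file missing (stale registration)")
    return m.group("path"), reasons


def _check_o4(m):
    r = RUNDLL_RE.match(m.group("cmd"))
    if not r:                                    # not a rundll32 loader, e.g. a normal .exe
        return None, []
    reasons = []
    if SYSTEM32_DLL.match(r.group("dll")):
        reasons.append("Run entry loads a system32 DLL through rundll32")
    if len(r.group("export")) == 1:
        reasons.append("rundll32 export is a single letter")
    return r.group("dll"), reasons


def _check_o20(m):
    reasons = []
    if SYSTEM32_DLL.match(m.group("path")):
        # Notify packages are loaded into winlogon.exe, so the DLL stays locked while Windows runs.
        reasons.append("Winlogon Notify package loaded from system32")
    return m.group("path"), reasons


def triage(lines):
    """Map lower-cased DLL path -> Finding for every line that trips a heuristic."""
    findings = OrderedDict()
    for raw in lines:
        line = raw.strip()
        if (m := O2_RE.match(line)):
            section, (dll, reasons) = "O2", _check_o2(m)
        elif (m := O4_RE.match(line)):
            section, (dll, reasons) = "O4", _check_o4(m)
        elif (m := O20_RE.match(line)):
            section, (dll, reasons) = "O20", _check_o20(m)
        else:
            continue
        if not dll or not reasons:               # looks legitimate, nothing to report
            continue
        f = findings.setdefault(dll.lower(), Finding(dll))
        f.entries.append(section)
        for reason in reasons:
            if reason not in f.reasons:
                f.reasons.append(reason)
    for f in findings.values():
        # One DLL hooked into both IE and winlogon is the classic Vundo footprint.
        if "O2" in f.entries and "O20" in f.entries:
            f.reasons.append("same DLL registered as BHO and Winlogon Notify")
    return findings


def report(lines):
    """Human-readable summary, one line per flagged DLL."""
    return [f"{f.dll} [{'+'.join(f.entries)}]: {'; '.join(f.reasons)}"
            for f in triage(lines).values()]


# Constructed sample: a subset of lines modelled on the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02A96BA3-A7D5-42A9-A20B-0E87F81988DD} - C:\WINDOWS\system32\ssqqqqqn.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\jkkLCsSl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: {14ed6e44-f3f8-5caa-40f4-bd88ee6212c9} - {9c2126ee-88db-4f04-aac5-8f3f44e6de41} - C:\WINDOWS\system32\wqlrwbux.dll
O2 - BHO: (no name) - {F41EBA00-9A37-45ED-9FC7-575AA12E02D9} - C:\WINDOWS\system32\efcBqnmj.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vvpghxql.dll",s
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ydydcorv.dll",b
O20 - Winlogon Notify: jkkLCsSl - C:\WINDOWS\SYSTEM32\jkkLCsSl.dll
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG.strip().splitlines()):
        print(line)
```

The script only reports; the DLL that appears as both a BHO and a Winlogon Notify package is the one Symantec cannot remove while it is loaded, which is why the analyst asks for a full DSS scan before any removal step.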
Old 05-26-2008, 09:04 AM   #2 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 2,655
OS: XP


Re: trojan.vundo.b

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=========
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<---Attached
__________________
Member of ASAP since 2007
Member of UNITE since 2008
Old 05-27-2008, 01:51 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2008
Location: Europe, Holland
Posts: 9
OS: Windows XP Home Edition Version 2002 Servicepack 2


Re: trojan.vundo.b

Ok I did it. Here is the main.txt log from dss.exe:

Deckard's System Scanner v20071014.68
Run by Topscore on 2008-05-27 10:43:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Topscore.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:29 , on 27-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\Topscore\Bureaublad\dss.exe
C:\MYDOWN~1\HIJACK~1\Topscore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://desheren1.gethost.nl/website/...tpage&Itemid=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vvpghxql.dll",s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.photogize.com/nl/saxfile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://toine87.spaces.live.com//Phot...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125591192203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161416566208
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5450FDA8-F964-48FF-8C8D-027E2B93DC2C}: NameServer = 10.0.0.138
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkLCsSl - jkkLCsSl.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 14612 bytes

-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-24 11:25:03 0 d--h----- C:\$AVG8.VAULT$
2008-05-24 11:02:57 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-24 11:02:14 0 d-------- C:\Program Files\AVG
2008-05-24 11:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-22 15:22:31 0 d-------- C:\Program Files\Panda Security
2008-05-21 08:31:00 0 --a------ C:\WINDOWS\system32\vvfvqfnh.dll
2008-05-19 22:41:53 0 --a------ C:\WINDOWS\system32\wgtdgyhf.dll
2008-05-19 22:38:53 0 --a------ C:\WINDOWS\system32\edrxlbkg.dll
2008-05-19 21:47:53 0 --a------ C:\WINDOWS\system32\gpdtyufv.dll
2008-05-19 21:38:53 0 --a------ C:\WINDOWS\system32\nvgplblg.dll
2008-05-19 21:35:53 0 --a------ C:\WINDOWS\system32\jgluwomr.dll
2008-05-19 20:41:53 0 --a------ C:\WINDOWS\system32\torfdmhw.dll
2008-05-19 20:35:53 0 --a------ C:\WINDOWS\system32\apdrhdqi.dll
2008-05-19 20:32:53 0 --a------ C:\WINDOWS\system32\igkotpxp.dll
2008-05-19 19:35:53 0 --a------ C:\WINDOWS\system32\mwcmvbwe.dll
2008-05-19 19:32:53 0 --a------ C:\WINDOWS\system32\eumltvcm.dll
2008-05-19 19:29:53 0 --a------ C:\WINDOWS\system32\wvnlrgou.dll
2008-05-19 18:35:53 0 --a------ C:\WINDOWS\system32\bxubways.dll
2008-05-19 18:29:53 0 --a------ C:\WINDOWS\system32\tutsvbns.dll
2008-05-19 18:26:59 0 --a------ C:\WINDOWS\system32\eurjhtcl.dll
2008-05-19 17:32:54 0 --a------ C:\WINDOWS\system32\twlgftot.dll
2008-05-19 17:26:53 0 --a------ C:\WINDOWS\system32\ajpknfsk.dll
2008-05-19 17:23:54 0 --a------ C:\WINDOWS\system32\hplmuqjm.dll
2008-05-19 16:26:53 0 --a------ C:\WINDOWS\system32\wtpsskfn.dll
2008-05-19 16:23:53 0 --a------ C:\WINDOWS\system32\bssyomne.dll
2008-05-19 16:20:53 0 --a------ C:\WINDOWS\system32\mkiweamx.dll
2008-05-19 16:18:34 0 --a------ C:\WINDOWS\system32\luaeyxwx.dll
2008-05-19 15:24:01 0 --a------ C:\WINDOWS\system32\cgbmexmi.dll
2008-05-19 15:18:55 0 --a------ C:\WINDOWS\system32\arvfhkpi.dll
2008-05-19 15:17:16 0 --a------ C:\WINDOWS\system32\mjgsyxeh.dll
2008-05-19 15:13:27 0 --a------ C:\WINDOWS\system32\oybsenli.dll
2008-05-18 12:08:00 0 --a------ C:\WINDOWS\system32\ucahupfd.dll
2008-05-18 11:59:41 0 --a------ C:\WINDOWS\system32\xwgotomp.dll
2008-05-18 11:57:51 0 --a------ C:\WINDOWS\system32\dmkfaaxm.dll
2008-05-18 11:54:27 0 --a------ C:\WINDOWS\system32\nxtsfpwd.dll
2008-05-18 00:20:42 0 --a------ C:\WINDOWS\system32\kshnnvlh.dll
2008-05-18 00:14:42 0 --a------ C:\WINDOWS\system32\simsvked.dll
2008-05-18 00:11:42 0 --a------ C:\WINDOWS\system32\sosmudks.dll
2008-05-17 23:17:42 0 --a------ C:\WINDOWS\system32\pvtdmdiq.dll
2008-05-17 23:11:42 0 --a------ C:\WINDOWS\system32\isqcdemf.dll
2008-05-17 23:08:42 0 --a------ C:\WINDOWS\system32\tyardvcy.dll
2008-05-17 22:14:42 0 --a------ C:\WINDOWS\system32\doskhrnq.dll
2008-05-17 22:08:42 0 --a------ C:\WINDOWS\system32\daarewde.dll
2008-05-17 22:05:42 0 --a------ C:\WINDOWS\system32\vijdaryp.dll
2008-05-17 21:08:42 0 --a------ C:\WINDOWS\system32\hocmlihr.dll
2008-05-17 21:05:42 0 --a------ C:\WINDOWS\system32\wivuyrsa.dll
2008-05-17 21:02:43 0 --a------ C:\WINDOWS\system32\usrjgccg.dll
2008-05-17 17:00:09 0 --a------ C:\WINDOWS\system32\ujmptfsj.dll
2008-05-14 12:04:17 0 --a------ C:\WINDOWS\system32\nbhlwsyv.dll
2008-05-13 12:03:01 0 --a------ C:\WINDOWS\system32\nnbeoidv.dll
2008-05-13 11:57:55 0 --a------ C:\WINDOWS\system32\goakgwot.dll
2008-05-11 21:15:49 0 --a------ C:\WINDOWS\system32\beifcqqt.dll
2008-05-10 2014 0 --a------ C:\WINDOWS\system32\uevelgbj.dll
2008-05-10 20:01:42 0 --a------ C:\WINDOWS\system32\kjsoqiqk.dll
2008-05-08 19:56:40 0 d--hs---- C:\FOUND.006
2008-05-08 15:32:01 454176 --ahs---- C:\WINDOWS\system32\nqqqqqss.ini2
2008-05-08 15:14:09 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-05-08 14:57:06 0 d-------- C:\VundoFix Backups
2008-05-07 09:39:07 0 d-------- C:\Documents and Settings\Topscore\Phone Browser
2008-05-07 09:35:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-07 09:33:54 0 d-------- C:\Documents and Settings\Topscore\Application Data\Nokia
2008-05-07 09:29:52 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-07 09:28:48 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-07 09:27:25 0 d-------- C:\Program Files\DIFX
2008-05-07 09:27:04 0 d-------- C:\Documents and Settings\Topscore\Application Data\PC Suite
2008-05-07 09:26:26 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-07 09:25:23 0 d-------- C:\Program Files\Nokia
2008-05-07 09:22:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-28 14:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


-- Find3M Report ---------------------------------------------------------------

2008-05-27 10:27:06 809 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-05-26 21:37:18 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-13 08:39:16 463904 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-13 08:39:16 80026 --a------ C:\WINDOWS\system32\perfc013.dat
2008-04-12 16:43:56 0 d-------- C:\Program Files\PFConfig
2008-04-06 13:37:56 0 d-------- C:\Program Files\YouTube Downloader
2008-03-29 10:09:54 0 d-------- C:\Program Files\Xvid
2008-03-29 07:26:38 2560 --a------ C:\WINDOWS\Runservice.exe
2008-03-29 07:26:38 48640 --a------ C:\WINDOWS\mmfs.dll
2008-03-03 20:56:48 230432 --a------ C:\StiImg.dat
2008-02-27 20:15:20 744 --a------ C:\Documents and Settings\Topscore\Application Data\filterclsid.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07-02-2005 07:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07-02-2005 07:32]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07-10-2004 11:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07-10-2004 11:43]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [15-07-2004 01:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04-08-2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04-08-2004 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 05:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08-02-2005 09:05]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [28-03-2005 06:04]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [24-03-2005 09:13]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28-03-2005 12:20]
"eRecoveryService"="C:\Windows\System32\Check.exe" [23-03-2005 10:01]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [30-07-2002 11:35]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 06:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [25-10-2007 03:29]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [18-05-2005 04:08]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10-12-2007 02:53]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31-01-2008 11:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19-02-2008 01:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14-03-2007 03:43]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23-03-2007 01:20]
"BM313e2b3d"="C:\WINDOWS\system32\vvpghxql.dll" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [24-05-2008 11:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30-03-2006 04:45]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [15-04-2007 08:31]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [28-09-2006 08:09]
"PowerBar"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [28-4-2008 14:58:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLCsSl]
jkkLCsSl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqqqqqn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19efb95a-45c9-11dc-9025-00c09fbb58b3}]
AutoRun\command- soS.Exe
explore\Command- soS.Exe
open\ComMand- soS.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e855f90-6b82-11dc-90b1-00c09fbb58b3}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e855f91-6b82-11dc-90b1-00c09fbb58b3}]
AutoRun\command- soS.Exe
explore\Command- soS.Exe
open\ComMand- soS.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aabece3a-1d05-11dd-932c-00c09fbb58b3}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc916b8-bcdf-11da-8bc6-00c09fbb58b3}]
AutoRun\command- soS.Exe
explore\Command- soS.Exe
open\ComMand- soS.Exe




-- End of Deckard's System Scanner: finished at 2008-05-27 10:45:10 ------------

I attached the extra.txt!

Attached Files
extra.txt (36.1 KB)
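A small triage script over the indicators visible in the logs posted above; this is an added example, not part of the thread or of HijackThis, DSS or SDFix. It assumes plain-text log lines in the formats shown and flags four structural patterns: an O4 Run entry that loads a DLL through Rundll32, any O20 Winlogon Notify entry, zero-byte eight-lowercase-letter DLLs created in system32 (as the DSS listing shows), and an LSA Authentication Packages value carrying anything besides msv1_0. The rule names and the Finding type are my own.

```python
"""Triage helper for Vundo-style indicators in HijackThis / DSS log text.

Added example for this thread; it is not part of HijackThis, DSS, SDFix or
the forum's instructions. Rule names and the Finding type are invented here.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the logs posted above, plus two benign
# entries (igfxtray, the Bluetooth .cpl applet) so the clean path is exercised.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vvpghxql.dll",s
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkLCsSl - jkkLCsSl.dll (file missing)
2008-05-21 08:31:00 0 --a------ C:\WINDOWS\system32\vvfvqfnh.dll
2008-05-19 22:41:53 0 --a------ C:\WINDOWS\system32\wgtdgyhf.dll
2008-05-08 15:14:09 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqqqqqn
"""


@dataclass(frozen=True)
class Finding:
    rule: str       # which heuristic fired
    artifact: str   # the DLL / path / package the rule points at
    line: str       # the original log line, for the analyst to re-read


# HijackThis O4 entry: [value name] command line.
RUN_RE = re.compile(r"^O4 - HK[^:]*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Rundll32 loading a .dll (a .cpl applet, as the Bluetooth agent uses, is not matched).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# HijackThis O20 Winlogon Notify entry, optionally marked "(file missing)".
WINLOGON_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?")
# DSS "Files created" line: date time size attributes path.
DSS_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")
# Eight lowercase letters + .dll directly in system32, the naming seen in this log.
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{8}\.dll$")
# DSS registry dump of the LSA value; only msv1_0 is expected on a clean XP box.
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')


def triage(log_text):
    """Return the list of Findings for every suspicious line in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            d = RUNDLL_RE.search(m.group("cmd"))
            if d:
                findings.append(Finding("run-rundll32-dll", d.group("dll"), line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            note = " (file missing)" if m.group("missing") else ""
            findings.append(Finding("winlogon-notify", m.group("dll") + note, line))
            continue
        m = DSS_FILE_RE.match(line)
        if m:
            if m.group("size") == "0" and RANDOM_DLL_RE.search(m.group("path")):
                findings.append(Finding("zero-byte-random-dll", m.group("path"), line))
            continue
        m = AUTHPKG_RE.match(line)
        if m:
            for pkg in m.group("pkgs").split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("lsa-auth-package", pkg, line))
    return findings


def by_rule(findings):
    """Group artifacts by rule, e.g. to print a short summary for the thread."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.rule, []).append(f.artifact)
    return grouped


if __name__ == "__main__":
    for rule, artifacts in by_rule(triage(SAMPLE_LOG)).items():
        print(f"{rule}:")
        for a in artifacts:
            print(f"    {a}")
```

Every hit is a lead for an analyst to check against the rest of the log, not a verdict; legitimate Winlogon Notify handlers exist, which is why that rule reports the entry rather than judging it.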
05-27-2008, 03:16 AM   #4
Moderator, Analyst, Security Team
TheBruce1
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 2,655
OS: XP


Re: trojan.vundo.b

Hello again

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

=======

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=======

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Leave Java(TM) 6 Update 3 installed


========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with all the required logs

=======

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

========
Logs Required
Report.txt
C:\Combofix.txt
Hijackthis Log
05-29-2008, 10:49 AM   #5
Registered User
 
Join Date: Feb 2008
Location: Europe, Holland
Posts: 9
OS: Windows XP Home Edition Version 2002 Servicepack 2


Toine
Re: trojan.vundo.b

I did it, but my PC keeps saying when I start up at the desktop:
Error: C:\windows\system\vvpghxql.dll can't open it


Report.txt:

SDFix: Version 1.186
Run by Topscore on do 29-05-2008 at 01:43

Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\KJSOQIQK.DLL - Deleted
C:\WINDOWS\SYSTEM32\UEVELGBJ.DLL - Deleted
C:\WINDOWS\SYSTEM32\NBHLWSYV.DLL - Deleted
C:\WINDOWS\SYSTEM32\BEIFCQQT.DLL - Deleted
C:\WINDOWS\SYSTEM32\GOAKGWOT.DLL - Deleted
C:\WINDOWS\SYSTEM32\NXTSFPWD.DLL - Deleted
C:\WINDOWS\SYSTEM32\NNBEOIDV.DLL - Deleted
C:\WINDOWS\SYSTEM32\UJMPTFSJ.DLL - Deleted
C:\WINDOWS\SYSTEM32\USRJGCCG.DLL - Deleted
C:\WINDOWS\SYSTEM32\WIVUYRSA.DLL - Deleted
C:\WINDOWS\SYSTEM32\HOCMLIHR.DLL - Deleted
C:\WINDOWS\SYSTEM32\DMKFAAXM.DLL - Deleted
C:\WINDOWS\SYSTEM32\VIJDARYP.DLL - Deleted
C:\WINDOWS\SYSTEM32\DAAREWDE.DLL - Deleted
C:\WINDOWS\SYSTEM32\DOSKHRNQ.DLL - Deleted
C:\WINDOWS\SYSTEM32\XWGOTOMP.DLL - Deleted
C:\WINDOWS\SYSTEM32\TYARDVCY.DLL - Deleted
C:\WINDOWS\SYSTEM32\ISQCDEMF.DLL - Deleted
C:\WINDOWS\SYSTEM32\PVTDMDIQ.DLL - Deleted
C:\WINDOWS\SYSTEM32\SOSMUDKS.DLL - Deleted
C:\WINDOWS\SYSTEM32\SIMSVKED.DLL - Deleted
C:\WINDOWS\SYSTEM32\OYBSENLI.DLL - Deleted
C:\WINDOWS\SYSTEM32\KSHNNVLH.DLL - Deleted
C:\WINDOWS\SYSTEM32\VVFVQFNH.DLL - Deleted
C:\WINDOWS\SYSTEM32\UCAHUPFD.DLL - Deleted
C:\WINDOWS\SYSTEM32\MJGSYXEH.DLL - Deleted
C:\WINDOWS\SYSTEM32\ARVFHKPI.DLL - Deleted
C:\WINDOWS\SYSTEM32\CGBMEXMI.DLL - Deleted
C:\WINDOWS\SYSTEM32\LUAEYXWX.DLL - Deleted
C:\WINDOWS\SYSTEM32\MKIWEAMX.DLL - Deleted
C:\WINDOWS\SYSTEM32\BSSYOMNE.DLL - Deleted
C:\WINDOWS\SYSTEM32\WTPSSKFN.DLL - Deleted
C:\WINDOWS\SYSTEM32\HPLMUQJM.DLL - Deleted
C:\WINDOWS\SYSTEM32\AJPKNFSK.DLL - Deleted
C:\WINDOWS\SYSTEM32\TWLGFTOT.DLL - Deleted
C:\WINDOWS\SYSTEM32\EURJHTCL.DLL - Deleted
C:\WINDOWS\SYSTEM32\TUTSVBNS.DLL - Deleted
C:\WINDOWS\SYSTEM32\BXUBWAYS.DLL - Deleted
C:\WINDOWS\SYSTEM32\WVNLRGOU.DLL - Deleted
C:\WINDOWS\SYSTEM32\EUMLTVCM.DLL - Deleted
C:\WINDOWS\SYSTEM32\MWCMVBWE.DLL - Deleted
C:\WINDOWS\SYSTEM32\IGKOTPXP.DLL - Deleted
C:\WINDOWS\SYSTEM32\APDRHDQI.DLL - Deleted
C:\WINDOWS\SYSTEM32\TORFDMHW.DLL - Deleted
C:\WINDOWS\SYSTEM32\JGLUWOMR.DLL - Deleted
C:\WINDOWS\SYSTEM32\NVGPLBLG.DLL - Deleted
C:\WINDOWS\SYSTEM32\GPDTYUFV.DLL - Deleted
C:\WINDOWS\SYSTEM32\EDRXLBKG.DLL - Deleted
C:\WINDOWS\SYSTEM32\WGTDGYHF.DLL - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 17:19:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? kt??9~????????????????????`???????????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTI