Old 12-22-2007, 01:12 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: vista


Constant Vundo & Bho.g Pop Ups

I have Nod32 and get constant Vundo and Bho.g virus/trojan warnings. Internet Explorer also comes up randomly to some websites. There are also two icons "Windows Update" and "Help and Support" that keep coming back after deletion.

Here is my Deckard:

Deckard's System Scanner v20071014.68
Run by Ryo on 2007-12-22 14:02:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ryo.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:15 PM, on 12/22/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Users\Ryo\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2727CE2E-710F-40A1-9FBC-F6085CBF2418} - C:\Windows\system32\pmnlm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {bb2eee05-d049-114b-2704-2901869c6978} - {8796c968-1092-4072-b411-940d50eee2bb} - C:\Windows\system32\gtrjrhgp.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Slacker Tray App.lnk = Ryo\Desktop\1.0\slacker.tray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/Tec...cueControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: qoxyyivz - C:\Windows\SYSTEM32\qoxyyivz.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8044 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 avcgbdr (Adaptec GameBridge AVC-14X0/15X0) - c:\windows\system32\drivers\avcgbdr.sys <Not Verified; Adaptec, Inc.; AVC-14X0/15X0>
S3 avcgbfl (Adaptec GameBridge AVC-14X0/15X0 Loader) - c:\windows\system32\drivers\avcgbfl.sys <Not Verified; Adaptec, Inc; Adaptec AVC-14x0/15x0 GameBridge>
S3 DSDrv4 - \??\c:\progra~1\dscaler\dsdrv4.sys
S3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys
S3 RivaTuner32 - \??\c:\program files\rivatuner v2.06\rivatuner32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GB-PVR Recording Service - "c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe" <Not Verified; WelltonWay; GB-PVR Recording Service>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\PNPB006\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\3&2411E6FE&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-22 14:00:02 414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{19028FAF-DDF8-4354-BA65-85BB25F6EC64}.job


-- Files created between 2007-11-22 and 2007-12-22 -----------------------------

2007-12-21 20:09:15 0 d-------- C:\Program Files\Trend Micro
2007-12-21 19:59:10 165472 --a------ C:\Windows\system32\qoxyyivz.dll
2007-12-21 19:58:52 165472 --a------ C:\Windows\system32\wruvtpjm.dll
2007-12-19 22:53:46 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-12-19 22:31:48 0 d-------- C:\VundoFix Backups
2007-12-19 21:00:00 165472 --a------ C:\Windows\system32\gxwxrrrf.dll
2007-12-19 18:09:36 0 d-------- C:\Program Files\QuickTime
2007-12-19 18:07:28 0 d-------- C:\Program Files\Apple Software Update
2007-12-19 18:07:27 0 d-------- C:\Users\All Users\Apple
2007-12-16 22:10:33 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-13 20:19:26 180317 --a------ C:\Windows\system32\PNUSBRDP.dll <Not Verified; Provision Networks; Provision Networks USB-IT>
2007-12-13 20:18:42 49152 --a------ C:\Windows\system32\pnssosvr.exe <Not Verified; ; pnssosvr Module>
2007-12-13 20:18:40 45056 --a------ C:\Windows\system32\pnssoagt.exe <Not Verified; ; PnSsoAgt>
2007-12-13 20:18:38 49152 --a------ C:\Windows\system32\pnsso.dll <Not Verified; ; pnsso module>
2007-12-13 20:16:52 143360 --a------ C:\Windows\system32\pnsslcli.dll <Not Verified; Provision Networks; Provision Networks Secure-IT>
2007-12-13 20:01:46 155740 --a------ C:\Windows\system32\pnuprdp.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2007-12-13 20:00:48 565340 --a------ C:\Windows\system32\pnupclnt.exe <Not Verified; Provision Networks; Provision Networks Print-IT>
2007-12-13 20:00:30 2015232 --a------ C:\Windows\system32\pnupclnt.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2007-12-13 19:59:00 282715 --a------ C:\Windows\system32\pnupver.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2007-12-13 19:58:50 315482 --a------ C:\Windows\system32\pnupspl.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2007-12-13 19:55:18 454656 --a------ C:\Windows\system32\pnllmcli.dll <Not Verified; Provision Networks; Provision-IT>
2007-12-13 19:53:54 94208 --a------ C:\Windows\system32\PNTray.exe <Not Verified; Provision Networks; Provision Networks PNTray>
2007-12-13 19:53:50 90112 --a------ C:\Windows\system32\PNTray.dll <Not Verified; Provision Networks; Provision Networks PNTray>
2007-12-13 19:52:30 471040 --a------ C:\Windows\system32\pnutils.dll <Not Verified; Provision Networks; Provision Networks Utilities>
2007-12-12 17:51:45 0 d-------- C:\Program Files\Verizon Wireless
2007-12-12 17:50:13 0 d-------- C:\Program Files\HTC
2007-12-09 22:08:09 0 d-------- C:\Program Files\DScaler
2007-12-09 21:58:53 0 d-------- C:\Program Files\devnz
2007-12-09 21:53:26 0 d-------- C:\Users\All Users\Team MediaPortal
2007-12-09 21:52:46 0 d-------- C:\Program Files\Team MediaPortal
2007-12-09 21:23:20 290816 --a------ C:\Windows\system32\MpegVideo.dll <Not Verified; DScaler Team; MpegVideo Module>
2007-12-09 21:23:17 438272 --a------ C:\Windows\system32\MpegAudio.dll <Not Verified; DScaler Team; MpegAudio Module>
2007-12-09 21:23:17 106496 --a------ C:\Windows\system32\GenDMOProp.dll <Not Verified; DScaler Team; GenDMOProp Module>
2007-12-09 21:15:16 0 d-------- C:\Program Files\DScaler5
2007-12-09 20:20:43 10752 -----n--- C:\Windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-12-09 20:20:26 1024000 --a------ C:\Windows\system32\DM.dll <Not Verified; Intervideo(R), Inc.; Intervideo Foundation Class(TM)>
2007-12-09 20:19:43 155648 --a------ C:\Windows\system32\log4cpp.dll <Not Verified; Bastiaan Bakker, LifeLine Networks bv; Log library for C++>
2007-12-09 20:19:42 499712 --a------ C:\Windows\system32\iviIPLW7.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLW7>
2007-12-09 20:19:42 466944 --a------ C:\Windows\system32\iviIPLPX.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLPX>
2007-12-09 20:19:42 442368 --a------ C:\Windows\system32\iviIPLP6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLP6>
2007-12-09 20:19:42 434176 --a------ C:\Windows\system32\iviIPLM6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM6>
2007-12-09 20:19:42 421888 --a------ C:\Windows\system32\iviIPLM5.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM5>
2007-12-09 20:19:42 491520 --a------ C:\Windows\system32\iviIPLA6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLA6>
2007-12-09 20:19:41 466944 --a------ C:\Windows\system32\iviIPL.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPL>
2007-12-09 20:19:35 0 d-------- C:\Users\All Users\InterVideo
2007-12-09 20:19:28 204800 --a------ C:\Windows\system32\IVIresizeW7.dll
2007-12-09 20:19:28 188416 --a------ C:\Windows\system32\IVIresizePX.dll
2007-12-09 20:19:28 192512 --a------ C:\Windows\system32\IVIresizeP6.dll
2007-12-09 20:19:28 192512 --a------ C:\Windows\system32\IVIresizeM6.dll
2007-12-09 20:19:28 200704 --a------ C:\Windows\system32\IVIresizeA6.dll
2007-12-09 20:19:28 20480 --a------ C:\Windows\system32\IVIresize.dll
2007-12-09 20:19:23 0 d-------- C:\Program Files\Common Files\InterVideo
2007-12-09 20:19:00 0 d-------- C:\Program Files\InterVideo
2007-12-09 20:18:18 110592 -----n--- C:\Windows\system32\gbtvrate.dll <Not Verified; Conexant Systems Inc.; TV Ratings>
2007-12-09 20:18:18 19712 -----n--- C:\Windows\system32\drivers\avcgbfl.sys <Not Verified; Adaptec, Inc; Adaptec AVC-14x0/15x0 GameBridge>
2007-12-09 20:18:18 125568 -----n--- C:\Windows\system32\drivers\avcgbdr.sys <Not Verified; Adaptec, Inc.; AVC-14X0/15X0>
2007-12-09 19:44:23 19712 --a------ C:\Windows\system32\avcgbfl.sys <Not Verified; Adaptec, Inc; Adaptec AVC-14x0/15x0 GameBridge>
2007-12-09 19:44:23 125568 --a------ C:\Windows\system32\avcgbdr.sys <Not Verified; Adaptec, Inc.; AVC-14X0/15X0>
2007-12-09 17:24:36 0 d-------- C:\Program Files\SystemRequirementsLab
2007-12-09 15:24:21 0 d-------- C:\Users\All Users\HPSSUPPLY
2007-12-09 11:59:59 260400 --a------ C:\aminf342.exe
2007-12-07 21:56:51 0 d-------- C:\Virtual Machine
2007-12-07 21:41:26 0 d-------- C:\Program Files\Microsoft Virtual PC
2007-12-01 23:52:51 0 d-------- C:\Program Files\ATITool
2007-12-01 17:33:10 0 d-------- C:\Program Files\RivaTuner v2.06
2007-12-01 11:35:44 0 d-------- C:\Program Files\Realtek AC97
2007-12-01 11:00:49 0 d-------- C:\Program Files\Asus
2007-11-29 22:31:04 0 d-------- C:\Program Files\Provision Networks
2007-11-22 20:40:26 0 d-------- C:\BuildOS


-- Find3M Report ---------------------------------------------------------------

2007-12-22 02:00:59 12 --a------ C:\Windows\bthservsdp.dat
2007-12-20 23:12:54 0 d-------- C:\Users\Ryo\AppData\Roaming\uTorrent
2007-12-20 23:12:54 0 d-------- C:\Program Files\PeerGuardian2
2007-12-12 17:50:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-09 20:20:46 0 d-------- C:\Users\Ryo\AppData\Roaming\Intervideo
2007-12-09 20:19:23 0 d-------- C:\Program Files\Common Files
2007-12-09 17:24:36 0 d-------- C:\Users\Ryo\AppData\Roaming\SystemRequirementsLab
2007-12-09 15:49:04 0 d-------- C:\Program Files\HP
2007-12-09 15:28:44 130797 --a------ C:\Windows\hpoins18.dat
2007-12-09 15:27:01 0 d-------- C:\Users\Ryo\AppData\Roaming\HP
2007-12-09 15:18:22 0 d-------- C:\Users\Ryo\AppData\Roaming\Image Zone Express
2007-12-06 20:33:04 0 d-------- C:\Users\Ryo\AppData\Roaming\Adobe
2007-11-19 07:28:28 0 d-------- C:\Program Files\Monte Cristo
2007-11-18 13:20:30 0 d-------- C:\Program Files\Electronic Arts
2007-11-18 13:17:59 0 d-------- C:\Program Files\DAEMON Tools
2007-11-16 07:31:31 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-15 23:14:18 0 d-------- C:\Program Files\Zune
2007-11-14 22:52:10 0 d-------- C:\Program Files\Windows Mail
2007-11-06 22:22:02 4122 --a------ C:\Windows\mozver.dat
2007-11-06 22:21:56 0 d-------- C:\Users\Ryo\AppData\Roaming\Real
2007-11-06 22:21:39 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-06 22:21:36 0 d-------- C:\Program Files\Common Files\Real
2007-11-06 22:21:21 0 d-------- C:\Program Files\Real
2007-11-04 19:19:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 13:17:43 0 d-------- C:\Users\Ryo\AppData\Roaming\mIRC
2007-10-28 13:12:35 0 d-------- C:\Users\Ryo\AppData\Roaming\GrabIt
2007-10-28 13:08:36 0 d-------- C:\Program Files\GrabIt
2007-10-28 12:57:55 129124 --ah----- C:\Windows\system32\mlfcache.dat
2007-10-28 12:51:27 0 d-------- C:\Program Files\mIRC


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2727CE2E-710F-40A1-9FBC-F6085CBF2418}]
C:\Windows\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8796c968-1092-4072-b411-940d50eee2bb}]
C:\Windows\system32\gtrjrhgp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/12/2007 04:30 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [02/11/2007 03:52 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [06/14/2007 03:44 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [06/14/2007 03:57 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [06/14/2007 03:48 PM]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [09/28/2006 01:21 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 02:32 PM C:\Windows\KHALMNPR.Exe]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [11/06/2007 07:09 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"SoundMan"="SOUNDMAN.EXE" [03/09/2007 03:28 PM C:\Windows\SOUNDMAN.EXE]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 05:14 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [11/04/2005 01:44 AM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [11/04/2005 12:29 AM]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [11/04/2005 12:30 AM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 04:14 PM]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]

C:\Users\Ryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoxyyivz]
qoxyyivz.dll 12/21/2007 07:59 PM 165472 C:\Windows\System32\qoxyyivz.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\Windows\system32\geedc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-22 1427 ------------
Attached Files
File Type: txt extra.txt (20.9 KB, 2 views)
rwspark is offline  
Old 12-23-2007, 11:26 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Constant Vundo & Bho.g Pop Ups

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
sUBs is offline  
Old 12-23-2007, 02:15 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: vista


Re: Constant Vundo & Bho.g Pop Ups

Combo Fix Log:

ComboFix 07-12-24.5 - Ryo 2007-12-23 15:04:57.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1081 [GMT -6:00]
Running from: C:\Users\Ryo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 14:02 . 2007-12-22 14:02 <DIR> d-------- C:\Deckard
2007-12-21 20:22 . 2007-12-21 20:25 14,033 --a------ C:\pos9773.tmp
2007-12-21 20:09 . 2007-12-21 20:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 19:59 . 2007-12-21 19:59 165,472 --a------ C:\Windows\System32\qoxyyivz.dll
2007-12-21 19:58 . 2007-12-21 19:59 165,472 --a------ C:\Windows\System32\wruvtpjm.dll
2007-12-19 22:53 . 2007-12-19 22:53 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-12-19 22:31 . 2007-12-20 22:32 <DIR> d-------- C:\VundoFix Backups
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posFA50.tmp
2007-12-19 21:00 . 2007-12-19 21:00 165,472 --a------ C:\Windows\System32\gxwxrrrf.dll
2007-12-19 18:09 . 2007-12-19 18:10 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 18:07 . 2007-12-19 18:07 <DIR> d-------- C:\Users\All Users\Apple
2007-12-19 18:07 . 2007-12-19 18:07 <DIR> d-------- C:\ProgramData\Apple
2007-12-19 18:07 . 2007-12-19 18:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-18 18:19 . 2007-12-18 21:21 25,306 --ahs---- C:\Windows\System32\ijkkj.ini
2007-12-17 18:01 . 2007-12-19 18:03 54,156 --ah----- C:\Windows\QTFont.qfn
2007-12-17 18:01 . 2007-12-17 18:01 1,409 --a------ C:\Windows\QTFont.for
2007-12-16 22:10 . 2007-12-19 21:11 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-16 22:10 . 2007-12-19 21:11 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-14 22:08 . 2007-12-14 22:08 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-14 22:08 . 2007-12-14 22:08 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-14 22:08 . 2007-12-14 22:08 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-14 22:08 . 2007-12-14 22:08 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-14 22:03 . 2007-12-14 22:03 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-14 22:03 . 2007-12-14 22:03 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-14 22:03 . 2007-12-14 22:03 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-14 22:03 . 2007-12-14 22:03 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-14 22:02 . 2007-12-14 22:02 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-14 22:02 . 2007-12-14 22:02 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-14 22:01 . 2007-12-14 22:01 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-13 20:22 . 2007-12-13 20:22 1,040,384 --a------ C:\Windows\System32\PNCtrls.ocx
2007-12-13 20:19 . 2007-12-13 20:19 180,317 --a------ C:\Windows\System32\PNUSBRDP.dll
2007-12-13 20:18 . 2007-12-13 20:18 49,152 --a------ C:\Windows\System32\pnssosvr.exe
2007-12-13 20:18 . 2007-12-13 20:18 49,152 --a------ C:\Windows\System32\pnsso.dll
2007-12-13 20:18 . 2007-12-13 20:18 45,056 --a------ C:\Windows\System32\pnssoagt.exe
2007-12-13 20:16 . 2007-12-13 20:16 143,360 --a------ C:\Windows\System32\pnsslcli.dll
2007-12-13 20:01 . 2007-12-13 20:01 155,740 --a------ C:\Windows\System32\pnuprdp.dll
2007-12-13 20:00 . 2007-12-13 20:00 2,015,232 --a------ C:\Windows\System32\pnupclnt.dll
2007-12-13 20:00 . 2007-12-13 20:00 565,340 --a------ C:\Windows\System32\pnupclnt.exe
2007-12-13 19:59 . 2007-12-13 19:59 282,715 --a------ C:\Windows\System32\pnupver.dll
2007-12-13 19:58 . 2007-12-13 19:58 315,482 --a------ C:\Windows\System32\pnupspl.dll
2007-12-13 19:58 . 2007-12-13 19:58 196,702 --a------ C:\Windows\System32\pnupcli.cpl
2007-12-13 19:55 . 2007-12-13 19:55 454,656 --a------ C:\Windows\System32\pnllmcli.dll
2007-12-13 19:53 . 2007-12-13 19:53 94,208 --a------ C:\Windows\System32\PNTray.exe
2007-12-13 19:53 . 2007-12-13 19:53 90,112 --a------ C:\Windows\System32\PNTray.dll
2007-12-13 19:52 . 2007-12-13 19:52 471,040 --a------ C:\Windows\System32\pnutils.dll
2007-12-12 17:51 . 2007-12-12 17:51 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-12-12 17:51 . 2000-08-29 03:19 401,462 --a------ C:\Windows\System32\temp.001
2007-12-12 17:51 . 2000-07-15 15:19 278,581 --a------ C:\Windows\System32\temp.000
2007-12-12 17:50 . 2007-12-12 17:50 <DIR> d-------- C:\Program Files\HTC
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\Windows\System32\QuickTime.qts
2007-12-09 22:08 . 2007-12-10 20:24 <DIR> d-------- C:\Program Files\DScaler
2007-12-09 21:58 . 2007-12-09 21:58 <DIR> d-------- C:\Program Files\devnz
2007-12-09 21:53 . 2007-12-09 21:53 <DIR> d-------- C:\Users\All Users\Team MediaPortal
2007-12-09 21:53 . 2007-12-09 21:53 <DIR> d-------- C:\ProgramData\Team MediaPortal
2007-12-09 21:52 . 2007-12-09 21:52 <DIR> d-------- C:\Program Files\Team MediaPortal
2007-12-09 21:23 . 2006-02-18 10:07 438,272 --a------ C:\Windows\System32\MpegAudio.dll
2007-12-09 21:23 . 2006-02-18 10:07 290,816 --a------ C:\Windows\System32\MpegVideo.dll
2007-12-09 21:23 . 2006-02-18 10:06 106,496 --a------ C:\Windows\System32\GenDMOProp.dll
2007-12-09 21:15 . 2007-12-09 21:15 <DIR> d-------- C:\Program Files\DScaler5
2007-12-09 20:20 . 2007-12-09 20:20 <DIR> d-------- C:\Users\Ryo\AppData\Roaming\Intervideo
2007-12-09 20:20 . 2001-08-23 09:25 1,706,800 --a------ C:\Windows\System32\gdiplus.dll
2007-12-09 20:20 . 2005-06-21 11:35 1,024,000 --a------ C:\Windows\System32\DM.dll
2007-12-09 20:20 . 2003-12-01 03:06 63,667 --a------ C:\Windows\System32\dm.inf
2007-12-09 20:20 . 2003-12-25 17:48 10,752 --------- C:\Windows\System32\drivers\iviaspi.sys
2007-12-09 20:19 . 2007-12-09 20:23 <DIR> d-------- C:\Users\All Users\InterVideo
2007-12-09 20:19 . 2007-12-09 20:23 <DIR> d-------- C:\ProgramData\InterVideo
2007-12-09 20:19 . 2007-12-09 20:19 <DIR> d-------- C:\Program Files\InterVideo
2007-12-09 20:19 . 2007-12-09 20:19 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-12-09 20:18 . 2005-09-08 14:02 149,471 --------- C:\Windows\System32\gbclcnvt.ax
2007-12-09 20:18 . 2005-09-26 16:08 125,568 --------- C:\Windows\System32\drivers\avcgbdr.sys
2007-12-09 20:18 . 2005-05-24 13:41 114,688 --------- C:\Windows\System32\gbcpntfy.ax
2007-12-09 20:18 . 2005-05-24 13:43 110,592 --------- C:\Windows\System32\gbtvrate.dll
2007-12-09 20:18 . 2005-09-15 17:15 61,440 --------- C:\Windows\System32\gbaudmgr.ax
2007-12-09 20:18 . 2005-05-24 13:44 28,672 --------- C:\Windows\System32\gbproppg.ax
2007-12-09 20:18 . 2005-10-26 14:14 19,712 --------- C:\Windows\System32\drivers\avcgbfl.sys
2007-12-09 20:18 . 2005-09-24 08:49 16,382 --------- C:\Windows\System32\drivers\makoaudc.rom
2007-12-09 20:18 . 2005-05-24 13:45 14,264 --------- C:\Windows\System32\drivers\makoaudb.rom
2007-12-09 19:44 . 2005-09-26 16:08 125,568 --a------ C:\Windows\System32\avcgbdr.sys
2007-12-09 19:44 . 2005-10-26 14:14 19,712 --a------ C:\Windows\System32\avcgbfl.sys
2007-12-09 19:44 . 2005-09-24 08:49 16,382 --a------ C:\Windows\System32\makoaudC.rom
2007-12-09 19:44 . 2005-05-24 13:45 14,264 --a------ C:\Windows\System32\makoaudB.rom
2007-12-09 19:44 . 2005-10-26 16:45 13,660 --a------ C:\Windows\System32\avcgbdr.in_
2007-12-09 19:44 . 2005-10-26 16:48 3,504 --a------ C:\Windows\System32\avcgbfl.in_
2007-12-09 19:05 . 2007-01-05 20:59 35,920 --a------ C:\Windows\System32\drivers\nvstor.sys
2007-12-09 17:24 . 2007-12-09 17:24 <DIR> d-------- C:\Users\Ryo\AppData\Roaming\SystemRequirementsLab
2007-12-09 17:24 . 2007-12-09 17:24 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-09 15:24 . 2007-12-09 15:24 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2007-12-09 15:24 . 2007-12-09 15:24 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2007-12-09 15:22 . 2007-06-01 14:44 130,831 --------- C:\Windows\hpoins18.dat.temp
2007-12-09 15:22 . 2007-02-28 18:32 6,600 --------- C:\Windows\hpomdl18.dat.temp
2007-12-09 11:59 . 2007-12-09 11:57 260,400 --a------ C:\aminf342.exe
2007-12-07 21:56 . 2007-12-07 21:59 <DIR> d-------- C:\Virtual Machine
2007-12-07 21:41 . 2007-12-07 21:41 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2007-12-01 23:52 . 2007-12-02 00:08 <DIR> d-------- C:\Program Files\ATITool
2007-12-01 17:33 . 2007-12-01 17:33 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2007-12-01 11:35 . 2007-12-01 11:35 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-01 11:00 . 2007-12-01 11:00 <DIR> d-------- C:\Program Files\Asus
2007-11-29 22:31 . 2007-11-29 22:31 <DIR> d-------- C:\Program Files\Provision Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 05:12 --------- d-----w C:\Users\Ryo\AppData\Roaming\uTorrent
2007-12-21 05:12 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-15 04:09 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2007-12-15 04:09 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2007-12-15 04:09 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2007-12-15 04:09 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2007-12-15 04:09 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2007-12-15 04:09 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2007-12-15 04:09 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2007-12-15 04:09 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-15 04:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 23:29 --------- d-----w C:\ProgramData\NVIDIA
2007-12-09 21:49 --------- d-----w C:\ProgramData\HP
2007-12-09 21:49 --------- d-----w C:\Program Files\HP
2007-12-09 21:27 --------- d-----w C:\Users\Ryo\AppData\Roaming\HP
2007-12-09 21:18 --------- d-----w C:\Users\Ryo\AppData\Roaming\Image Zone Express
2007-11-19 13:28 --------- d-----w C:\Program Files\Monte Cristo
2007-11-18 19:46 --------- d-----w C:\ProgramData\SimCity Societies
2007-11-18 19:20 --------- d-----w C:\Program Files\Electronic Arts
2007-11-18 19:17 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-18 19:14 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-11-16 13:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-16 05:14 --------- d-----w C:\Program Files\Zune
2007-11-15 04:53 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 04:53 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 04:52 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 04:52 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-15 04:52 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-15 04:52 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-15 04:52 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 04:52 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-15 04:52 --------- d-----w C:\Program Files\Windows Mail
2007-11-07 04:21 --------- d-----w C:\Program Files\Real
2007-11-07 04:21 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-07 04:21 --------- d-----w C:\Program Files\Common Files\Real
2007-11-05 01:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 19:21 --------- d---a-w C:\ProgramData\TEMP
2007-10-28 19:17 --------- d-----w C:\Users\Ryo\AppData\Roaming\mIRC
2007-10-28 19:12 --------- d-----w C:\Users\Ryo\AppData\Roaming\GrabIt
2007-10-28 19:08 --------- d-----w C:\Program Files\GrabIt
2007-10-28 18:51 --------- d-----w C:\Program Files\mIRC
2007-08-12 06:05 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_20.38.39.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-22 02:37:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-12-24 21:09:31 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2000-08-31 14:00:00 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2007-12-22 02:37:43 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-12-24 21:09:47 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-12-22 00:10:03 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-23 16:39:31 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-22 00:10:03 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-23 16:39:31 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-22 00:10:03 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-23 16:39:31 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-22 02:37:43 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-12-24 21:09:47 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-12-22 02:24:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-24 21:09:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-22 02:25:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-12-23 21:04:52 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2007-12-22 00:12:15 104,534 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-12-23 19:46:20 104,534 ----a-w C:\Windows\System32\perfc009.dat
- 2007-12-22 00:12:15 620,086 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-12-23 19:46:20 620,086 ----a-w C:\Windows\System32\perfh009.dat
- 2007-12-14 03:26:50 156,160 ----a-w C:\Windows\System32\swreg.exe
+ 2000-08-31 14:00:00 156,160 ----a-w C:\Windows\System32\swreg.exe
- 2007-12-22 00:09:40 17,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2791420307-964833863-1451205269-1000_UserData.bin
+ 2007-12-23 16:39:06 17,412 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2791420307-964833863-1451205269-1000_UserData.bin
- 2007-12-22 00:09:40 76,708 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-23 16:39:06 77,004 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-12-21 03:20:18 62,934 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-22 20:01:03 63,112 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2727CE2E-710F-40A1-9FBC-F6085CBF2418}]
C:\Windows\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8796c968-1092-4072-b411-940d50eee2bb}]
C:\Windows\system32\gtrjrhgp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 16:30]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-11 15:52]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-06-14 15:44]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-06-14 15:57]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-06-14 15:48]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 13:21]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\Windows\KHALMNPR.Exe]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-06 19:09]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 15:28 C:\Windows\SOUNDMAN.EXE]
"NvSvc"="RUNDLL32.exe" [2006-11-02 03:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 03:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 03:45 C:\Windows\System32\rundll32.exe]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-11-04 01:44]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-11-04 00:29]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2005-11-04 00:30]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-16 17:34:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoxyyivz]
qoxyyivz.dll 2007-12-21 19:59 165472 C:\Windows\System32\qoxyyivz.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll

R0 nvstor32;nvstor32;C:\Windows\system32\DRIVERS\nvstor32.sys [2007-04-19 13:12]
R0 snapman;Acronis Snapshots Manager;C:\Windows\system32\DRIVERS\snapman.sys [2007-07-13 20:47]
R0 timounter;Acronis True Image Backup Archive Explorer;C:\Windows\system32\DRIVERS\timntr.sys [2007-07-13 20:47]
R1 ATITool;ATITool Overclocking Utility;C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 10:54]
R2 tifsfilter;Acronis True Image FS Filter;C:\Windows\system32\DRIVERS\tifsfilt.sys [2007-07-13 20:47]
R3 lmimirr;lmimirr;C:\Windows\system32\DRIVERS\lmimirr.sys [2007-04-17 13:00]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\Windows\system32\Drivers\LUsbFilt.Sys [2007-04-11 14:33]
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 17:14]
S3 avcgbdr;Adaptec GameBridge AVC-14X0/15X0;C:\Windows\system32\drivers\avcgbdr.sys [2005-09-26 16:08]
S3 avcgbfl;Adaptec GameBridge AVC-14X0/15X0 Loader;C:\Windows\system32\Drivers\avcgbfl.sys [2005-10-26 14:14]
S3 DSDrv4;DSDrv4;C:\PROGRA~1\DScaler\DSDrv4.sys [2007-09-05 21:18]
S3 pgfilter;pgfilter;C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 13:59]
S3 RivaTuner32;RivaTuner32;C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-30 12:05]
S3 WINUSB;WinUsb Driver;C:\Windows\system32\DRIVERS\WinUSB.SYS [2006-11-02 02:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 21:07:23 C:\Windows\Tasks\User_Feed_Synchronization-{19028FAF-DDF8-4354-BA65-85BB25F6EC64}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:10:06
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 15:11:19 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-21 20:39
.
2007-12-16 05:17:36 --- E O F ---
Old 12-23-2007, 02:16 PM   #4
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: vista


Re: Constant Vundo & Bho.g Pop Ups

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:11 PM, on 12/24/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2727CE2E-710F-40A1-9FBC-F6085CBF2418} - C:\Windows\system32\pmnlm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {bb2eee05-d049-114b-2704-2901869c6978} - {8796c968-1092-4072-b411-940d50eee2bb} - C:\Windows\system32\gtrjrhgp.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Slacker Tray App.lnk = Ryo\Desktop\1.0\slacker.tray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/Tec...cueControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: qoxyyivz - C:\Windows\SYSTEM32\qoxyyivz.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7930 bytes
Old 12-23-2007, 02:28 PM   #5
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Constant Vundo & Bho.g Pop Ups

Quote:
C:\ComboFix2.txt ... 2007-12-21 20:39
Please post this log.
Old 12-23-2007, 02:35 PM   #6
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Constant Vundo & Bho.g Pop Ups

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {2727CE2E-710F-40A1-9FBC-F6085CBF2418} - C:\Windows\system32\pmnlm.dll (file missing)
O2 - BHO: {bb2eee05-d049-114b-2704-2901869c6978} - {8796c968-1092-4072-b411-940d50eee2bb} - C:\Windows\system32\gtrjrhgp.dll (file missing)
O20 - Winlogon Notify: qoxyyivz - C:\Windows\SYSTEM32\qoxyyivz.dll
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe


Ignore any prompts for a reboot


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/204925-constant-vundo-bho-g-pop-ups.html
Collect::
C:\Windows\System32\qoxyyivz.dll
C:\Windows\System32\wruvtpjm.dll
Suspect::
C:\posFA50.tmp
C:\pos9773.tmp
C:\Windows\System32\temp.001
C:\Windows\System32\temp.000
C:\Windows\hpoins18.dat.temp
C:\Windows\hpomdl18.dat.temp
File::
C:\Windows\System32\VundoFixSVC.exe
C:\Windows\System32\gxwxrrrf.dll
C:\Windows\System32\ijkkj.ini
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2727CE2E-710F-40A1-9FBC-F6085CBF2418}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8796c968-1092-4072-b411-940d50eee2bb}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoxyyivz]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
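The items sUBs picked out of the HijackThis log in post #4 follow a pattern a script can check for: BHOs whose DLL is missing or whose display name is a bare GUID, and a Winlogon Notify entry with a random-looking DLL name. The Python triage script below is an added example (not code from the thread, HijackThis or ComboFix); its Notify allowlist and its random-name heuristic are assumptions of this example, and the sample log lines are copied from post #4.

```python
"""Triage of HijackThis 2.0 log lines for the loading points a Vundo infection
abuses (O2 BHOs, O20 Winlogon Notify, O23 services).  Added example; not part
of HijackThis, ComboFix or this thread.  The allowlist and the random-name
heuristic are assumptions of this example, not HijackThis features."""
import re
from dataclasses import dataclass, field

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
MISSING = "(file missing)"

# Constructed allowlist of Winlogon Notify packages found on clean XP installs.
# Vista dropped Notify-package support entirely, so on the Vista box in this
# thread any O20 entry deserves a look regardless of this list.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Constructed sample: lines taken from the HijackThis log in post #4 above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2727CE2E-710F-40A1-9FBC-F6085CBF2418} - C:\Windows\system32\pmnlm.dll (file missing)
O2 - BHO: {bb2eee05-d049-114b-2704-2901869c6978} - {8796c968-1092-4072-b411-940d50eee2bb} - C:\Windows\system32\gtrjrhgp.dll (file missing)
O20 - Winlogon Notify: qoxyyivz - C:\Windows\SYSTEM32\qoxyyivz.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""


@dataclass
class Finding:
    line: str
    severity: str                      # "suspicious" or "info"
    reasons: list = field(default_factory=list)


def split_path(raw):
    """Strip HijackThis's '(file missing)' marker and report whether it was present."""
    raw = raw.strip()
    if raw.endswith(MISSING):
        return raw[:-len(MISSING)].rstrip(), True
    return raw, False


def file_stem(path):
    """Return the file name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Heuristic: 5-8 all-lowercase letters with either a run of 4+ consonants or
    two or more of q/x/z/j, the shape of the qoxyyivz / gtrjrhgp DLLs above."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    rare = sum(stem.count(c) for c in "qxzj")
    longest_consonants = max(len(run) for run in re.split(r"[aeiou]+", stem))
    return rare >= 2 or longest_consonants >= 4


def triage_line(line):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    if m := O2_RE.match(line):
        path, missing = split_path(m["path"])
        reasons = []
        if missing:
            reasons.append("BHO registered but its DLL is missing")
        if m["name"] == "(no name)":
            reasons.append("BHO has no display name")
        elif GUID_RE.match(m["name"]):
            reasons.append("BHO display name is a bare GUID")
        if looks_random(file_stem(path)):
            reasons.append("random-looking DLL name")
        return Finding(line, "suspicious", reasons) if reasons else None
    if m := O20_RE.match(line):
        path, _ = split_path(m["path"])
        reasons = []
        if m["name"].lower() not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify package not in allowlist")
        if looks_random(file_stem(path)):
            reasons.append("random-looking DLL name")
        return Finding(line, "suspicious", reasons) if reasons else None
    if m := O23_RE.match(line):
        _, missing = split_path(m["path"])
        if missing:
            return Finding(line, "info", ["service binary missing (orphaned entry)"])
    return None


def triage_log(text):
    """Triage every line of a HijackThis log; returns findings in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n    " + "; ".join(f.reasons))
```

Run against the sample it reports the three entries sUBs fixed as suspicious and the orphaned iPod service as informational only; the heuristic is a reading aid for a human reviewer, not a verdict.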
Old 12-23-2007, 03:05 PM   #7
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: vista


Re: Constant Vundo & Bho.g Pop Ups

Quote:
Originally Posted by sUBs View Post
Please post this log.
ComboFix 07-12-21.4 - Ryo 2007-12-21 20:25:08.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1254 [GMT -6:00]
Running from: C:\Users\Ryo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\x64
C:\Windows\Downloaded Program Files\x64\racodec.ax
C:\Windows\Downloaded Program Files\x86
C:\Windows\Downloaded Program Files\x86\racodec.ax
C:\Windows\System32\ccbeg.bak1
C:\Windows\System32\ccbeg.ini
C:\Windows\system32\ddayy.dll
C:\Windows\system32\gebcc.dll
C:\Windows\system32\geedc.dll
C:\Windows\System32\mlnmp.bak1
C:\Windows\System32\mlnmp.bak2
C:\Windows\System32\mlnmp.ini
C:\Windows\System32\mlnmp.ini2
C:\Windows\System32\mlnmp.tmp
C:\Windows\system32\qoxyyivz.dllbox
C:\Windows\system32\sstqp.dll
C:\Windows\System32\utstv.bak1
C:\Windows\System32\utstv.bak2
C:\Windows\System32\utstv.ini
C:\Windows\system32\vtstu.dll
C:\Windows\System32\yyadd.tmp

.
((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-21 20:22 . 2007-12-21 20:25 14,033 --a------ C:\pos9773.tmp
2007-12-21 20:09 . 2007-12-21 20:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 19:59 . 2007-12-21 19:59 165,472 --a------ C:\Windows\System32\qoxyyivz.dll
2007-12-21 19:58 . 2007-12-21 19:59 165,472 --a------ C:\Windows\System32\wruvtpjm.dll
2007-12-19 22:53 . 2007-12-19 22:53 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-12-19 22:31 . 2007-12-20 22:32 <DIR> d-------- C:\VundoFix Backups
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posFA50.tmp
2007-12-19 21:00 . 2007-12-19 21:00 165,472 --a------ C:\Windows\System32\gxwxrrrf.dll
2007-12-19 18:09 . 2007-12-19 18:10 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 18:07 . 2007-12-19 18:07 <DIR> d-------- C:\Users\All Users\Apple
2007-12-19 18:07 . 2007-12-19 18:07 <DIR> d-------- C:\ProgramData\Apple
2007-12-19 18:07 . 2007-12-19 18:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-18 18:19 . 2007-12-18 21:21 25,306 --ahs---- C:\Windows\System32\ijkkj.ini
2007-12-17 18:01 . 2007-12-19 18:03 54,156 --ah----- C:\Windows\QTFont.qfn
2007-12-17 18:01 . 2007-12-17 18:01 1,409 --a------ C:\Windows\QTFont.for
2007-12-16 22:10 . 2007-12-19 21:11 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-16 22:10 . 2007-12-19 21:11 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-14 22:08 . 2007-12-14 22:08 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-14 22:08 . 2007-12-14 22:08 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-14 22:08 . 2007-12-14 22:08 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-14 22:08 . 2007-12-14 22:08 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-14 22:03 . 2007-12-14 22:03 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-14 22:03 . 2007-12-14 22:03 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-14 22:03 . 2007-12-14 22:03 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-14 22:03 . 2007-12-14 22:03 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-14 22:02 . 2007-12-14 22:02 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-14 22:02 . 2007-12-14 22:02 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-14 22:01 . 2007-12-14 22:01 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-13 20:22 . 2007-12-13 20:22 1,040,384 --a------ C:\Windows\System32\PNCtrls.ocx
2007-12-13 20:19 . 2007-12-13 20:19 180,317 --a------ C:\Windows\System32\PNUSBRDP.dll
2007-12-13 20:18 . 2007-12-13 20:18 49,152 --a------ C:\Windows\System32\pnssosvr.exe
2007-12-13 20:18 . 2007-12-13 20:18 49,152 --a------ C:\Windows\System32\pnsso.dll
2007-12-13 20:18 . 2007-12-13 20:18 45,056 --a------ C:\Windows\System32\pnssoagt.exe
2007-12-13 20:16 . 2007-12-13 20:16 143,360 --a------ C:\Windows\System32\pnsslcli.dll
2007-12-13 20:01 . 2007-12-13 20:01 155,740 --a------ C:\Windows\System32\pnuprdp.dll
2007-12-13 20:00 . 2007-12-13 20:00 2,015,232 --a------ C:\Windows\System32\pnupclnt.dll
2007-12-13 20:00 . 2007-12-13 20:00 565,340 --a------ C:\Windows\System32\pnupclnt.exe
2007-12-13 19:59 . 2007-12-13 19:59 282,715 --a------ C:\Windows\System32\pnupver.dll
2007-12-13 19:58 . 2007-12-13 19:58 315,482 --a------ C:\Windows\System32\pnupspl.dll
2007-12-13 19:58 . 2007-12-13 19:58 196,702 --a------ C:\Windows\System32\pnupcli.cpl
2007-12-13 19:55 . 2007-12-13 19:55 454,656 --a------ C:\Windows\System32\pnllmcli.dll
2007-12-13 19:53 . 2007-12-13 19:53 94,208 --a------ C:\Windows\System32\PNTray.exe
2007-12-13 19:53 . 2007-12-13 19:53 90,112 --a------ C:\Windows\System32\PNTray.dll
2007-12-13 19:52 . 2007-12-13 19:52 471,040 --a------ C:\Windows\System32\pnutils.dll
2007-12-12 17:51 . 2007-12-12 17:51 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-12-12 17:51 . 2000-08-29 03:19 401,462 --a------ C:\Windows\System32\temp.001
2007-12-12 17:51 . 2000-07-15 15:19 278,581 --a------ C:\Windows\System32\temp.000
2007-12-12 17:50 . 2007-12-12 17:50 <DIR> d-------- C:\Program Files\HTC
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\Windows\System32\QuickTime.qts
2007-12-09 22:08 . 2007-12-10 20:24 <DIR> d-------- C:\Program Files\DScaler
2007-12-09 21:58 . 2007-12-09 21:58 <DIR> d-------- C:\Program Files\devnz
2007-12-09 21:53 . 2007-12-09 21:53 <DIR> d-------- C:\Users\All Users\Team MediaPortal
2007-12-09 21:53 . 2007-12-09 21:53 <DIR> d-------- C:\ProgramData\Team MediaPortal
2007-12-09 21:52 . 2007-12-09 21:52 <DIR> d-------- C:\Program Files\Team MediaPortal
2007-12-09 21:23 . 2006-02-18 10:07 438,272 --a------ C:\Windows\System32\MpegAudio.dll
2007-12-09 21:23 . 2006-02-18 10:07 290,816 --a------ C:\Windows\System32\MpegVideo.dll
2007-12-09 21:23 . 2006-02-18 10:06 106,496 --a------ C:\Windows\System32\GenDMOProp.dll
2007-12-09 21:15 . 2007-12-09 21:15 <DIR> d-------- C:\Program Files\DScaler5
2007-12-09 20:20 . 2007-12-09 20:20 <DIR> d-------- C:\Users\Ryo\AppData\Roaming\Intervideo
2007-12-09 20:20 . 2001-08-23 09:25 1,706,800 --a------ C:\Windows\System32\gdiplus.dll
2007-12-09 20:20 . 2005-06-21 11:35 1,024,000 --a------ C:\Windows\System32\DM.dll
2007-12-09 20:20 . 2003-12-01 03:06 63,667 --a------ C:\Windows\System32\dm.inf
2007-12-09 20:20 . 2003-12-25 17:48 10,752 --------- C:\Windows\System32\drivers\iviaspi.sys
2007-12-09 20:19 . 2007-12-09 20:23 <DIR> d-------- C:\Users\All Users\InterVideo
2007-12-09 20:19 . 2007-12-09 20:23 <DIR> d-------- C:\ProgramData\InterVideo
2007-12-09 20:19 . 2007-12-09 20:19 <DIR> d-------- C:\Program Files\InterVideo
2007-12-09 20:19 . 2007-12-09 20:19 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-12-09 20:18 . 2005-09-08 14:02 149,471 --------- C:\Windows\System32\gbclcnvt.ax
2007-12-09 20:18 . 2005-09-26 16:08 125,568 --------- C:\Windows\System32\drivers\avcgbdr.sys
2007-12-09 20:18 . 2005-05-24 13:41 114,688 --------- C:\Windows\System32\gbcpntfy.ax
2007-12-09 20:18 . 2005-05-24 13:43 110,592 --------- C:\Windows\System32\gbtvrate.dll
2007-12-09 20:18 . 2005-09-15 17:15 61,440 --------- C:\Windows\System32\gbaudmgr.ax
2007-12-09 20:18 . 2005-05-24 13:44 28,672 --------- C:\Windows\System32\gbproppg.ax
2007-12-09 20:18 . 2005-10-26 14:14 19,712 --------- C:\Windows\System32\drivers\avcgbfl.sys
2007-12-09 20:18 . 2005-09-24 08:49 16,382 --------- C:\Windows\System32\drivers\makoaudc.rom
2007-12-09 20:18 . 2005-05-24 13:45 14,264 --------- C:\Windows\System32\drivers\makoaudb.rom
2007-12-09 19:44 . 2005-09-26 16:08 125,568 --a------ C:\Windows\System32\avcgbdr.sys
2007-12-09 19:44 . 2005-10-26 14:14 19,712 --a------ C:\Windows\System32\avcgbfl.sys
2007-12-09 19:44 . 2005-09-24 08:49 16,382 --a------ C:\Windows\System32\makoaudC.rom
2007-12-09 19:44 . 2005-05-24 13:45 14,264 --a------ C:\Windows\System32\makoaudB.rom
2007-12-09 19:44 . 2005-10-26 16:45 13,660 --a------ C:\Windows\System32\avcgbdr.in_
2007-12-09 19:44 . 2005-10-26 16:48 3,504 --a------ C:\Windows\System32\avcgbfl.in_
2007-12-09 19:05 . 2007-01-05 20:59 35,920 --a------ C:\Windows\System32\drivers\nvstor.sys
2007-12-09 17:24 . 2007-12-09 17:24 <DIR> d-------- C:\Users\Ry