WinAntiVirus Pro 2006 - Need Assistance

[chiinkz86]

Hi everyone, my computer got this virus few days ago. Ever since that incident, I've been spammed continuously with IE browser popups.

This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:56:53 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kbvebxpw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\William Chan\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF9F4B5-3229-39FC-2177-3BB60F3AFFCE} - C:\WINDOWS\system32\frn.dll
O2 - BHO: (no name) - {53F51E35-C7BD-488C-9CBD-E6C1397AA21F} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\rhplddkv.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150677472\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150670882327
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O20 - Winlogon Notify: ddccbca - ddccbca.dll (file missing)
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kbvebxpw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6723 bytes


Thanks

[sUBs]

1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop







2. Go to → Run → paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[chiinkz86]

Here's my ComboFix Log:

ComboFix 07-08-13.2 - "William Chan" 2007-08-12 17:36:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.406 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\WILLIA~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\WILLIA~1\APPLIC~1.\winantispyware 2007 free
C:\DOCUME~1\WILLIA~1\APPLIC~1.\winantispyware 2007 free\description.txt
C:\DOCUME~1\WILLIA~1\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\WILLIA~1\APPLIC~1\WinAntiSpyware 2007 Free\description.txt
C:\DOCUME~1\WILLIA~1\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\WILLIA~1\MYDOCU~1.\asks~1
C:\DOCUME~1\WILLIA~1\MYDOCU~1.\asks~1\w?crtupd.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\stem~1
C:\Program Files\stem~1\??stem\
C:\Program Files\stem~1\explorer.exe
C:\Temp\fse
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\bffjcecx.ini
C:\WINDOWS\system32\cbadyujk.ini
C:\WINDOWS\system32\cmertnfn.ini
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\dysknale.exe
C:\WINDOWS\system32\enngxlpe.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fgtwyhfk.exe
C:\WINDOWS\system32\frn.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\hkfhwqkh.ini
C:\WINDOWS\system32\hkqwhfkh.dll
C:\WINDOWS\system32\jajypeqg.exe
C:\WINDOWS\system32\kbvebxpw.exe
C:\WINDOWS\system32\kjuydabc.dll
C:\WINDOWS\system32\kugrihgv.dll
C:\WINDOWS\system32\ljprqxkt.ini
C:\WINDOWS\system32\mpqgsntd.exe
C:\WINDOWS\system32\nfntremc.dll
C:\WINDOWS\system32\nvqnxofx.dll
C:\WINDOWS\system32\oicurrwq.ini
C:\WINDOWS\system32\ojthxlgq.ini
C:\WINDOWS\system32\psfhrcoj.exe
C:\WINDOWS\system32\qglxhtjo.dll
C:\WINDOWS\system32\qwrrucio.dll
C:\WINDOWS\system32\rarmrfhh.exe
C:\WINDOWS\system32\rhplddkv.dll
C:\WINDOWS\system32\tkxqrpjl.dll
C:\WINDOWS\system32\vghirguk.ini
C:\WINDOWS\system32\xcecjffb.dll
C:\WINDOWS\system32\xfoxnqvn.ini
C:\WINDOWS\system32\yltrjiht.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 17:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 16:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-12 16:27 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-10 18:36 <DIR> d-------- C:\Program Files\DivX
2007-08-09 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-07 19:38 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-31 16:50 <DIR> d-------- C:\Program Files\Veoh Networks
2007-07-26 16:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 16:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 16:53 <DIR> d-------- C:\Program Files\uTorrent
2007-07-25 16:52 <DIR> d-------- C:\DOCUME~1\WILLIA~1\APPLIC~1\uTorrent
2007-07-12 21:32 <DIR> d--h----- C:\DOCUME~1\WILLIA~1\APPLIC~1\ijjigame


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 17:46 39259168 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-12 17:46 3215904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-12 17:42 534884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-12 17:42 307496 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-12 17:42 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-09 17:38 --------- d-------- C:\Program Files\Soulseek
2007-08-08 22:28 --------- d-------- C:\Program Files\Viewpoint
2007-08-07 22:43 --------- d-------- C:\Program Files\Guitar Pro 5
2007-08-07 20:11 --------- d-------- C:\Program Files\Poker Tracker V2
2007-08-07 09:27 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 23:23 --------- d-------- C:\Program Files\Steam
2007-07-24 23:30 --------- d-------- C:\Program Files\BitComet
2007-07-13 20:37 --------- d-------- C:\Program Files\PokerRoom.com
2007-07-12 18:27 --------- d-------- C:\Program Files\Diablo II
2007-07-12 18:22 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-07 14:05 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-07 14:05 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-07 14:05 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-07 12:38 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-07-07 12:38 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-07-06 22:21 --------- d-------- C:\Program Files\Diablo II backup
2007-06-17 16:57 --------- d-------- C:\Program Files\Winamp
2007-05-16 08:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-02-12 22:04]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 09:40]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" []
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1150677472\ee\AOLSoftware.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Aim6"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccbca]
ddccbca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William Chan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William Chan^Start Menu^Programs^Startup^TA_Start.lnk]
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William Chan^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-watch]
"C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung LBP SM]
"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 17:44:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 17:47:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 17:47

--- E O F ---



New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:10 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150677472\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150670882327
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O20 - Winlogon Notify: ddccbca - ddccbca.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5808 bytes



Thanks for helping me! ^^

[sUBs]

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:

• ViewPoint

Please note any other programs that you dont recognize in that list in your next response


---------------


Please disable AdWatch, as it may hinder the removal of some entries.
You can re-enable it after you're clean. To disable AdWatch:

• Open AdAware SE.
• Go to AdWatch User Interface.
• Go to Tools and Preferences.
• At the bottom of the screen you will see 2 options Active and Automatic.
• Active: This will turn Ad-Watch On\Off without closing it
• Automatic: Suspicious activity will be blocked automatically
• Uncheck both options. You can enable these after resolving your problem.
• Unless they are turned off they could interfere with the fix by HijackThis.

---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O20 - Winlogon Notify: ddccbca - ddccbca.dll (file missing)


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
Folder::
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccbca]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William Chan^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William Chan^Start Menu^Programs^Startup^Think-Adz.lnk]

Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------





Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html

Under SCANNING OPTIONS, use the following Settings:

• Action options - Report only
• Second option - Report only

Once finished, click on the Details button to view the results.
To the upper right of the results you will see an option saying "Click here to export the scan results" Post the log of the scan results in your next reply


---------------


In your next post, please include fresh logs from:

1. Fresh Hijackthis log taken just before replying
2. Online scan
3. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[chiinkz86]

Hi there.

I've done all that you have told me to. As for today, from the moment i have turned on my computer until now (roughly 4 hours), I haven't gotten any popup spams or irking messages. I suppose that's a good sign, right?

Also, as for the BitDefender scan, I did it in two seperate scans. I hope that didn't mess things up.


refreshed HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:41 AM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150677472\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150670882327
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6352 bytes




CFScript ComboFix log:

ComboFix 07-08-13.2 - "William Chan" 2007-08-12 1931.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.231 [GMT -7:00]
Command switches used :: C:\Documents and Settings\William Chan\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 18:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-12 17:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 16:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-12 16:27 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-10 18:36 <DIR> d-------- C:\Program Files\DivX
2007-08-09 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-07 19:38 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-31 16:50 <DIR> d-------- C:\Program Files\Veoh Networks
2007-07-26 16:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 16:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 16:53 <DIR> d-------- C:\Program Files\uTorrent
2007-07-25 16:52 <DIR> d-------- C:\DOCUME~1\WILLIA~1\APPLIC~1\uTorrent
2007-07-12 21:32 <DIR> d--h----- C:\DOCUME~1\WILLIA~1\APPLIC~1\ijjigame


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 19:13 3224864 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-12 19:12 --------- d-------- C:\Program Files\Kaspersky Lab
2007-08-12 19:11 39366688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-12 19:08 536420 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-12 19:08 308528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-12 17:42 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-09 17:38 --------- d-------- C:\Program Files\Soulseek
2007-08-07 22:43 --------- d-------- C:\Program Files\Guitar Pro 5
2007-08-07 20:11 --------- d-------- C:\Program Files\Poker Tracker V2
2007-08-07 09:27 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 23:23 --------- d-------- C:\Program Files\Steam
2007-07-24 23:30 --------- d-------- C:\Program Files\BitComet
2007-07-13 20:37 --------- d-------- C:\Program Files\PokerRoom.com
2007-07-12 18:27 --------- d-------- C:\Program Files\Diablo II
2007-07-12 18:22 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-07 14:05 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-07 14:05 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-07 14:05 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-07 12:38 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-07-07 12:38 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-07-06 22:21 --------- d-------- C:\Program Files\Diablo II backup
2007-06-17 16:57 --------- d-------- C:\Program Files\Winamp
2007-05-16 08:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-02-12 22:04]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 09:40]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" []
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1150677472\ee\AOLSoftware.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Aim6"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William Chan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-watch]
"C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung LBP SM]
"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 19:10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 19:13:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 19:13
C:\ComboFix2.txt ... 2007-08-12 17:47

--- E O F ---




Identified Viruses 4
Infected Files 21
Suspect Files 0

C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP289\A0114127.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Purityad.O
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114555.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114556.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114557.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114558.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114559.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114560.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114561.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114562.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114563.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114565.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114566.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114567.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114568.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114569.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114570.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114571.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114573.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114574.dll
Infected with: Trojan.Vundo.DMP
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP291\A0114595.dll
Infected with: DeepScan:Generic.Virtumonde.1.4C01D650
C:\System Volume Information\_restore{EA105BBE-F7F2-4E77-BDB9-E435F5060E23}\RP292\A0114887.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Purityad.O



Thanks again.

[sUBs]

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

[chiinkz86]

Fix.bat stated that it was "Deleted Successfully."

[sUBs]

Your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

1. ANTIVIRUS SOFTWARE
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
2. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here ? http://www.bleepingcomputer.com/forums/tutorial60.html
   
   
   
3. Microsoft Windows Update ? http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
4. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial49.html
   
   
   
5. IE-SPYAD
   IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.

[chiinkz86]

All I can say is thank you very much, sUBs!

Thanks for all your effort.