Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)
#1, 06-07-2008, 09:58 AM
viperdiabolos (Registered User; Join Date: Jun 2008; Posts: 4; OS: XP Home)
need help with IEXPLORE.exe virus

Hello, everyone who just happens to run by this thread. I've been combing the internet looking for a solution to my problem with this virus. It began when I downloaded a faulty version of an MMORPG called SUN Online from a Taiwanese website. The IEXPLORE virus kept popping up instances of IE all over my screen, as many as 30+ instances, to be exact. After some tinkering by a buddy we killed that, but IEXPLORE still runs in my Task Manager's processes and it eats at my CPU. I've tried all I can. I tried PrevX, but I don't have the funds to purchase the program, and I heard it is a really big help. I followed all 5 steps that were laid out on the forum. So, what can you intelligent people suggest that I do to take care of this nuisance? My log is below:


Deckard's System Scanner v20071014.68
Run by Demonta on 2008-07-07 12:25:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-07-07 16:25:30 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-07 11:37:21 UTC - RP7 - Removed SUPERAntiSpyware Free Edition
6: 2008-07-07 11:25:58 UTC - RP6 - Removed TuneUp Utilities 2007
5: 2008-07-07 11:23:16 UTC - RP5 - Configured Sarmsoft Resume Builder
4: 2008-07-07 11:22:46 UTC - RP4 - Removed ProxyCap


-- First Restore Point --
1: 2008-07-06 16:03:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Demonta.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:00 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Demonta\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Demonta.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [svchosts] C:\WINDOWS\system32\svchosts.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZRfox000
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tawnya\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.siren24.co.kr
O15 - Trusted Zone: http://*.siren24.com
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Demonta\Desktop\zombies.gif

--
End of file - 5115 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080707-070419-162 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080707-070419-164 O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
backup-20080707-070419-520 O2 - BHO: (no name) - {E907D6D9-2B0C-4E0E-9120-13678A4AC0A7} - (no file)
backup-20080707-070419-567 O2 - BHO: (no name) - {6C6F6EDB-F664-F8CC-4B13-8C8DCC208FEC} - (no file)
backup-20080707-070419-663 O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
backup-20080707-070419-698 O2 - BHO: (no name) - {3B666A84-F367-AEC9-1A13-8C8DCC2082B0} - (no file)
backup-20080707-070419-805 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20080707-070419-830 O2 - BHO: (no name) - {601613FE-F67F-425F-B238-2C4FE23E8C97} - (no file)
backup-20080707-070419-876 O2 - BHO: (no name) - {32CEF731-A3D1-4A8E-9A6C-2993061FD909} - (no file)
backup-20080707-070419-884 O2 - BHO: (no name) - {17D87D26-03B8-430E-80D3-DB36B13F860d} - (no file)
backup-20080707-070419-887 O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
backup-20080707-070419-965 O2 - BHO: (no name) - {439F4842-4AD7-418D-8AA9-BC98806F6BDB} - (no file)
backup-20080707-070419-967 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080707-070420-168 O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
backup-20080707-070420-301 O16 - DPF: {1545689F-FB2C-4941-B7B5-FE21D1F789E7} (TrustSite 1.0 Control) - http://img.telec.co.kr/file/trustsitex/trustsitex.cab
backup-20080707-070420-365 O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - http://www.siren24.com/initech/plugin/INIS60.cab
backup-20080707-070420-487 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080707-070420-626 O20 - Winlogon Notify: iifdcbb - iifdcbb.dll (file missing)
backup-20080707-070420-641 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080707-070420-845 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080707-070421-304 O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
backup-20080707-070421-994 O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 MAC607 (MAC607 Filter) - c:\windows\system32\drivers\mac607.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 PXRDDriver (PREVX Rootkitscan driver) - c:\windows\system32\drivers\pxrd.sys
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S3 samhid - c:\windows\system32\drivers\samhid.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)
S3 XDva037 - c:\windows\system32\xdva037.sys (file missing)
S3 XDva052 - c:\windows\system32\xdva052.sys (file missing)
S3 XDva098 - c:\windows\system32\xdva098.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 npkcmsvc - c:\windows\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>
R2 PREVXAgent (Prevx Agent) - "c:\program files\prevx1\pxagent.exe" -f <Not Verified; Prevx; Prevx-1>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9A1881111100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9A1881111100
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&14E6004F&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&14E6004F&0&40F0
Service: E100B

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_PI9932F&PROD_RCE416W&REV_1.0\5&36E5972&0&000
Manufacturer: (Standard CD-ROM drives)
Name: PI9932F RCE416W SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_PI9932F&PROD_RCE416W&REV_1.0\5&36E5972&0&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 17:41:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-04 17:15:00 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-07-04 15:00:01 412 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 12:07:20 0 d-------- C:\ie-spyad_zo
2008-07-07 12:03:32 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-07-07 12:03:20 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 07:41:35 0 d-------- C:\WINDOWS\LastGood
2008-07-07 07:41:15 0 d-------- C:\Program Files\Panda Security
2008-07-07 06:39:38 0 d-------- C:\Program Files\Trend Micro
2008-07-06 17:46:32 0 d-------- C:\Documents and Settings\Tawnya\Application Data\Prevx
2008-07-06 16:51:06 0 d-------- C:\Documents and Settings\Demonta\Application Data\Prevx
2008-07-06 16:48:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-07-06 15:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 13:29:12 0 d-------- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
2008-07-05 13:29:11 0 d-------- C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP
2008-07-05 09:52:18 288800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-05 09:32:36 0 d-------- C:\WINDOWS\LastGood(2)
2008-07-05 08:58:29 0 d-------- C:\Program Files\Uniblue
2008-07-04 20:55:10 5402624 --a------ C:\Documents and Settings\Tawnya\ntuser.dat
2008-07-04 20:55:09 11010048 --a------ C:\Documents and Settings\Demonta\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-07 07:37:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 07:37:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 07:37:27 0 d-------- C:\Documents and Settings\Demonta\Application Data\SUPERAntiSpyware.com
2008-07-07 07:25:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 07:19:34 0 d-------- C:\Program Files\GetRight
2008-07-07 07:19:19 0 d-------- C:\Documents and Settings\Demonta\Application Data\GetRight Pro
2008-07-07 07:18:27 0 d-------- C:\Program Files\Image-Line
2008-07-07 07:15:14 0 d-------- C:\Program Files\VstPlugins
2008-07-06 16:48:17 0 d-------- C:\Documents and Settings\Demonta\Application Data\Azureus
2008-07-05 17:13:17 0 d-------- C:\Program Files\FlashGet
2008-07-05 13:33:28 0 d-------- C:\Program Files\Opera
2008-07-05 13:33:27 0 d-------- C:\Program Files\Norton Security Scan
2008-07-05 13:30:53 0 d-------- C:\Program Files\Online Services
2008-07-05 13:28:47 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-06-02 10:32:33 0 d-------- C:\Documents and Settings\Demonta\Application Data\Opera
2008-06-01 20:21:11 0 d-------- C:\Program Files\IMVU
2008-05-30 10:03:25 0 d-------- C:\Documents and Settings\Demonta\Application Data\Comodo
2008-05-30 10:03:23 0 d-------- C:\Program Files\COMODO
2008-05-24 07:16:14 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-17 10:50:31 0 d-------- C:\Program Files\Gravity
2008-05-17 00:08:28 0 d-------- C:\Program Files\Common Files
2008-05-17 00:08:28 0 d-------- C:\Program Files\Common Files\DirectX
2008-05-16 13:15:51 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-16 13:15:50 0 d-------- C:\Program Files\backburner 2
2008-05-15 17:52:39 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-05-14 09:34:41 0 d-------- C:\Program Files\Lizard Interactive
2008-05-14 09:34:13 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-05-11 08:22:05 0 d-------- C:\Program Files\OGPlanet
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-20 13:18:39 1093632 --a------ C:\WINDOWS\system32\inicrypto30.dll <Not Verified; INITECH (c).; inicrypto30>
2008-04-20 13:18:06 76431 --a------ C:\WINDOWS\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>
2008-04-20 12:57:41 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchosts"="C:\WINDOWS\system32\svchosts.exe" []
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/01/2008 01:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 09:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Demonta\Desktop\zombies.gif
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Demonta^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
path=C:\Documents and Settings\Demonta\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\COMODO\Firewall\cfp.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c717493-ff09-11db-90ae-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - RKPAVPROC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{13C3D8DF-25A6-A06B-682D-2739B6D0796B}]
C:\WINDOWS\system32\svchosts.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{523702KJY0-YKN5OK-D1KOW-F49T8-TVUI81RWM141}]
netconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6CB9796-B0DB-FC2B-8B0B-901F2A90F25C}]
C:\WINDOWS\system32:svchosts.exe



-- End of Deckard's System Scanner: finished at 2008-07-07 12:34:25 ------------
Attached file: extra.txt (16.6 KB)
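Triage of the log above, as an added example that is not part of the original thread or of any tool it mentions. The script re-reads a subset of the HijackThis and DSS registry-dump lines copied from this post and flags the entries an analyst would pull out: the svchosts.exe run key and Active Setup stub (one character away from the real svchost.exe), the stub registered as an NTFS alternate data stream (C:\WINDOWS\system32:svchosts.exe), the Active Setup key whose GUID is not a GUID at all, the unknown Winsock LSP, the wildcard Trusted Zone entry and the Winlogon Notify DLL registered by bare name. The list of core binaries, the finding tags and the one-edit lookalike threshold are assumptions of the example; the benign COMODO and NVIDIA lines are included as controls.

```python
import re

# Core Windows binaries that malware imitates by a one-letter change (assumed list).
CORE_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "iexplore.exe",
}

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ACTIVE_SETUP_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\(\{[^}]*\})\]$",
    re.IGNORECASE,
)
# A drive path whose last component is "name:stream", i.e. an NTFS alternate data stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*\\[^\\:]+:[^\\:]+$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)


def levenshtein(a, b):
    """Edit distance, used to catch names one character away from a core binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path):
    """Last path component, also splitting on ':' so an ADS stream name is inspected."""
    return re.split(r"[\\:]", path)[-1].lower()


def lookalike(name):
    """Return the core binary a name imitates, or None if it is exact or unrelated."""
    if name in CORE_BINARIES:
        return None
    return next((core for core in CORE_BINARIES if levenshtein(name, core) <= 1), None)


def triage(log_text):
    """Return (tag, line) findings for the HijackThis/DSS lines that deserve a second look."""
    findings, seen_lsp = [], set()
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith(("O4 ", "O23 ")):
            m = EXE_RE.search(ln)
            if m and lookalike(basename(m.group(1))):
                findings.append(("lookalike-name", ln))
        elif ln.startswith("O10 "):
            dll = ln.rsplit(":", 1)[-1].strip().lower()
            if dll not in seen_lsp:  # HijackThis repeats one LSP DLL once per protocol entry
                seen_lsp.add(dll)
                findings.append(("unknown-lsp", ln))
        elif ln.startswith("O15 ") and "*" in ln:
            findings.append(("trusted-zone-wildcard", ln))
        elif ln.startswith("O20 - Winlogon Notify:"):
            if "\\" not in ln.split(" - ")[-1]:  # DLL registered by bare name, no full path
                findings.append(("winlogon-notify-bare-dll", ln))
        else:
            m = ACTIVE_SETUP_RE.match(ln)
            if m:
                if not GUID_RE.match(m.group(1)):
                    findings.append(("active-setup-bad-guid", ln))
                # In the DSS registry dump the StubPath is the next non-empty line.
                j = i + 1
                while j < len(lines) and not lines[j].strip():
                    j += 1
                if j < len(lines) and not lines[j].startswith("["):
                    stub = lines[j].strip()
                    if ADS_RE.match(stub):
                        findings.append(("ads-hidden-stub", stub))
                    if lookalike(basename(stub)):
                        findings.append(("lookalike-name", stub))
                    i = j
        i += 1
    return findings


# Lines copied from the log posted above (a subset; the COMODO O4 and the NVIDIA O23 are benign controls).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [svchosts] C:\WINDOWS\system32\svchosts.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O15 - Trusted Zone: http://*.kcp.co.kr
O20 - Winlogon Notify: iifdcbb - iifdcbb.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{13C3D8DF-25A6-A06B-682D-2739B6D0796B}]
C:\WINDOWS\system32\svchosts.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{523702KJY0-YKN5OK-D1KOW-F49T8-TVUI81RWM141}]
netconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6CB9796-B0DB-FC2B-8B0B-901F2A90F25C}]
C:\WINDOWS\system32:svchosts.exe
"""

if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:26} {line}")
```

Run against the full log, the script yields the same eight findings the analyst would act on; an ADS stub is worth special attention because a directory listing of system32 will not show it, and Active Setup stubs run once per user at logon, so the entry re-arms persistence for each profile on the machine.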
#2, 06-11-2008, 02:00 PM
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy; Join Date: Jun 2006; Location: Rhode Island, USA; Posts: 6,342; OS: XP Home SP3, XP MCE SP3, XP Pro SP3)

Re: need help with IEXPLORE.exe virus

Hello and welcome to TSF.

Please be informed that your system is infected with a password stealing trojan which may have severely compromised your system.

Quote:
High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different and clean computer to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this article too.

Although the trojan is identified and can be cleaned, many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. In all honesty, if this were to be my computer, I would reformat and reinstall Windows XP.

Please let me know what course of action you would like to take.
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
#3, 06-11-2008, 02:39 PM
viperdiabolos (Registered User; Join Date: Jun 2008; Posts: 4; OS: XP Home)


Re: need help with IEXPLORE.exe virus

Whew, luckily all I have done on this PC is use a gift card with "points" on it. I'll reformat if there is absolutely no other way to get rid of this bug. I just need someone to let me know if there is. Thank you for your reply.
#4, 06-11-2008, 02:51 PM
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy; Join Date: Jun 2006; Location: Rhode Island, USA; Posts: 6,342; OS: XP Home SP3, XP MCE SP3, XP Pro SP3)


Re: need help with IEXPLORE.exe virus

Hi,

OK. If you had no sensitive information on the computer, we will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
#5, 06-12-2008, 10:44 AM
viperdiabolos (Registered User; Join Date: Jun 2008; Posts: 4; OS: XP Home)


Re: need help with IEXPLORE.exe virus

Bad news/good news. My uncle "knew" about combofix.exe. However, he didn't know about the recovery console. Needless to say, reformat was inevitable. That's what I get for letting someone else mess around.
Oh well, my PC is as clean as it's gonna get now, lol. Thank you guys for all your help and hard work.
#6, 06-12-2008, 05:09 PM
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy; Join Date: Jun 2006; Location: Rhode Island, USA; Posts: 6,342; OS: XP Home SP3, XP MCE SP3, XP Pro SP3)


Re: need help with IEXPLORE.exe virus

Hi,

You're welcome. Thanks for letting us know. As you say, you have a fresh start now.

Here are some steps to make your surfing more secure in future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site http://windowsupdate.microsoft.com/ to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site http://office.microsoft.com/officeup....aspx?lc=en-us and make sure you have at least all the critical updates installed (free) from Microsoft Office Update.

The following free real-time pest scanners prevent a number of malware variants from entering your computer in the first place:

SpywareBlaster A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial49.html
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet. A tutorial on Firewalls and a listing of some available ones can be found here:
http://forum.malwareremoval.com/viewtopic.php?p=56#56
http://www.bleepingcomputer.com/forums/tutorial60.html

Test your firewall here to make sure that it's working properly

ATF Cleaner by Atribune is a useful utility to clean the temporary files and cookies on a regular basis.

But above all, keep all your software UP-TO-DATE at all times!

A colleague of ours has excellent information and tips on the prevention of malware here

If you want to fight back the Malware Writers, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing!
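The six Internet-zone settings listed in the post above, expressed as a registry change plus an audit, added here as an example that is not part of the original post. The value names (1001, 1004, 1201, 1607, 1800, 1804) are the URL action codes Internet Explorer stores under HKCU\...\Internet Settings\Zones\3, and the meaning of 0, 1 and 3 (Enable, Prompt, Disable) is as documented by Microsoft in KB 182569; the regedit export with three settings still at Enable is constructed for the demo.

```python
import re

# Internet zone (zone 3) of the current user; per-zone URL action values live here.
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Per-action values documented by Microsoft (KB 182569): 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3

# The six changes recommended above, keyed by the URL action code used as the value name.
HARDENED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
}

VALUE_RE = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<val>[0-9A-Fa-f]{8})$')


def to_reg_file(settings=HARDENED):
    """Render the settings as a regedit 5.00 file that can be imported with regedit /s."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for code, (desc, val) in sorted(settings.items()):
        lines.append(f"; {desc}")
        lines.append(f'"{code}"=dword:{val:08x}')
    return "\r\n".join(lines) + "\r\n"


def parse_zone_export(reg_text):
    """Return {action_code: value} for the Internet zone key from a regedit export."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = line.strip("[]").lower() == ZONE_KEY.lower()
            continue
        m = VALUE_RE.match(line)
        if in_zone and m:
            values[m.group("name")] = int(m.group("val"), 16)
    return values


def audit(reg_text, want=HARDENED):
    """List (code, description, current, wanted) for every setting that differs from wanted.

    A value absent from HKCU is reported with current=None so it can be checked in the
    Internet Options dialog or under the matching HKLM key."""
    current = parse_zone_export(reg_text)
    return [
        (code, desc, current.get(code), wanted)
        for code, (desc, wanted) in sorted(want.items())
        if current.get(code) != wanted
    ]


# Constructed regedit export for the demo: both ActiveX download settings and the
# IFRAME setting are still at Enable (0); the zone 2 (Trusted sites) section must be ignored.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000003
"1607"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
"""

if __name__ == "__main__":
    for code, desc, got, want in audit(SAMPLE_EXPORT):
        print(f"{code} {desc}: is {got}, should be {want}")
    print(to_reg_file(), end="")
```

Import the generated file while logged on as the user whose browser is being hardened, then export the key again and run the audit on the export to confirm nothing reverted. On a machine where the Security_HKLM_only policy is set, Internet Explorer reads the HKLM copy of Zones\3 instead of HKCU, so point the audit at an export of that key as well.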
#7, 06-13-2008, 07:42 AM
viperdiabolos (Registered User; Join Date: Jun 2008; Posts: 4; OS: XP Home)


Re: need help with IEXPLORE.exe virus

Every link is being reviewed and/or downloaded. Looks like there's work to be done. Issue resolved.
Copyright 2001 - 2009, Tech Support Forum